High severity security issue flagged by npm audit

Question

High severity security issue flagged by npm audit

linusnorton opened this issue 6 years ago · comments

Hello,

NPM is flagging this repo with a high priority security issue because of some downstream dependencies:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Path Traversal                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ resolve-path                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ koa-static                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ koa-static > koa-send > resolve-path                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/573                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

Any chance the dependencies can be updated?

Xin Hao · Answer 1 · Thu May 17 2018 17:20:12 GMT+0800 (China Standard Time)

v4.0.3 :)