node-forge Prototype Pollution vulnerability
flo-sch opened this issue
This package has a dependency towards node-pushnotifications@1.4.1, which has an upstream vulnerability towards node-forge: https://www.npmjs.com/advisories/1561
The vulnerability has been fixed upstream by node-pushnotifications@1.4.3 (latest release being node-pushnotifications@1.5.0).
Would it be possible to release a new version of this package bumping that dependency, to fix this vulnerability issue?
I have no experience with that dependency myself, but it is not a major release so I am expecting such a bump to be straightforward...?
I am not quite certain this package is still actively maintained, to be honest. That would be sad since I do not know a lot of alternatives, but this is the Open Source life.