Upgrade google-auth-library-nodejs
meip opened this issue · 1 comments
meip commented
I'm submitting a ...
- bug report
- feature request
- question about the decisions made in the repository
- question about how to use this project
Summary
Forge fixed a potential prototype pollution security issue when used with unsafe inputs (see changelog). This library is used by google-auth-library which got patched already and thus an upgrade here would be very appreciated:
Line 39 in 256ba15
Other information
$ npm audit --audit-level=high
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Prototype Pollution in node-forge
Package node-forge
Patched in >= 0.10.0
Dependency of google-ads-api
Path google-ads-api > google-ads-node > google-auth-library >
gtoken > google-p12-pem > node-forge
More info https://npmjs.com/advisories/1561
wcoots commented
This is now resolved and we recommend upgrading to the latest google-ads-api version (Google Ads API v6.1)