austinpray/asset-builder

Need to update object-path dependency.

joelschlotterer opened this issue · 2 comments

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ object-path                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.11.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ asset-builder [dev]                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ asset-builder > object-path                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1573                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

It's been fixed in #79, but we're still waiting for the author to release the new version :D Hope the author will have time soon.

Meanwhile, I am using npm-force-resolutions to get rid of all the issues from the packages. If you want to solve the issues then you can follow these steps:

First, you need to add a new script "preinstall": "npx npm-force-resolutions" in your package.json.
Your scripts code will look like this:

"scripts": {
    "preinstall": "npx npm-force-resolutions",
    // Other scripts go here.
}

Then, in your package.json, you'll have to add a new node "resolutions", and inside that you'll have to specify the package name and the version that is suggested to fix the issue.

In the case of asset-builder the code will look like this:

"resolutions": {
    "object-path": "^0.11.8"
}

Then run npm install and the issue will be removed for object-path.