ionic-team/legacy-ionic-cloud

Vulnerability due to outdated superagent dependency

Closed this issue · 1 comment

@ionic/cloud is (transitively) vulnerable to the Prototype Override Protection Bypass in qs due to the transitive dependency chain @ionic/cloud -> superagent -> qs.

Fix
Update the superagent dependency to v3.6.0, since the current v3.6.0 has locked in a fixed version of qs (^3.4.0) [yes, there are two major versions since the last update].

More information
snyk.io report of this project: https://snyk.io/test/npm/@ionic/cloud
Information on the qs vuln: https://snyk.io/vuln/npm:qs:20170213
superagent changelog: https://github.com/visionmedia/superagent/blob/master/History.md

Thanks, patched now!
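
To confirm that a bump like the one requested above actually removes every path to an old qs, the dependency tree can be walked directly. The following is an added example, not code from this issue or from the project: it takes data shaped like `npm ls --json` output and lists each chain ending at a named package. The sample tree, its version numbers, the `other-lib` package and the `MIN_FIXED` threshold are constructed placeholders; substitute the fixed version given in the advisory.

```javascript
// Compare two "x.y.z" versions numerically; returns <0, 0 or >0.
// Pre-release suffixes ("-beta.1") are ignored, so a pre-release is
// treated as its base version.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Depth-first walk: collect every dependency chain that ends at `target`.
// The same package can appear several times at different versions.
function findChains(node, target, path = [node.name]) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const chain = [...path, name];
    if (name === target) {
      hits.push({ chain: chain.join(' -> '), version: dep.version });
    }
    hits.push(...findChains(dep, target, chain));
  }
  return hits;
}

// Mark each chain whose resolved version is below the first fixed release.
function audit(tree, target, minFixed) {
  return findChains(tree, target).map((h) => ({
    ...h,
    vulnerable: compareVersions(h.version, minFixed) < 0,
  }));
}

// Constructed sample in the shape of `npm ls --json`; versions are made up.
const sampleTree = {
  name: '@ionic/cloud', version: '0.0.0',
  dependencies: {
    superagent: { version: '1.0.0', dependencies: { qs: { version: '1.0.0' } } },
    'other-lib': { version: '1.0.0', dependencies: { qs: { version: '2.0.0' } } },
  },
};
const MIN_FIXED = '2.0.0'; // placeholder: use the advisory's fixed version

for (const r of audit(sampleTree, 'qs', MIN_FIXED)) {
  console.log(`${r.vulnerable ? 'VULNERABLE' : 'ok'}  ${r.chain} @ ${r.version}`);
}
```

Running the check over the whole tree matters because a second dependent can keep an old copy installed after the first one is upgraded.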