Vulnerability due to outdated superagent dependency
Closed this issue · 1 comments
timbru31 commented
The @ionic/cloud is (transitively) vulnerable to Prototype Override Protection Bypass of qs due to the transitive dependency chain of @ionic/cloud -> superagent -> qs
Fix
Update superagent dependency to v3.6.0, since the current v3.6.0 has locked in a fixed version of qs (^3.4.0) [yes there are two major versions since the last update]
More information
snyk.io report of this project: https://snyk.io/test/npm/@ionic/cloud
Information of the qs vuln: https://snyk.io/vuln/npm:qs:20170213
superagent changelog: https://github.com/visionmedia/superagent/blob/master/History.md
mlynch commented
Thanks, patched now!
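An added example, not part of the original issue or the project's code: a small walker over `npm ls --json`-style output that lists every dependency chain ending at qs and the version each chain resolves to, which is how the @ionic/cloud -> superagent -> qs chain reported above can be confirmed before and after a superagent bump. The tree, the `other-lib` package and all version strings are constructed placeholders.

```javascript
// Constructed sample in the shape of `npm ls --json` output; the version
// strings are placeholders, not values taken from the issue.
const sampleTree = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    "@ionic/cloud": {
      version: "0.0.0-sample",
      dependencies: {
        superagent: {
          version: "0.0.0-old",
          dependencies: { qs: { version: "0.0.0-unfixed" } },
        },
      },
    },
    // Hypothetical second parent that resolves its own copy of qs.
    "other-lib": {
      version: "0.0.0-sample",
      dependencies: { qs: { version: "0.0.0-fixed" } },
    },
  },
};

// Return every dependency chain that ends at `target`, together with the
// version resolved at the end of that chain.
function findDependencyPaths(tree, target) {
  const results = [];
  const walk = (node, trail) => {
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      const chain = [...trail, name];
      if (name === target) {
        results.push({ chain: chain.join(" -> "), version: child.version });
      }
      walk(child, chain);
    }
  };
  walk(tree, []);
  return results;
}

// Group chains by resolved version so an unpatched copy pulled in by one
// parent is not hidden by a patched copy pulled in by another.
function groupByVersion(paths) {
  const byVersion = {};
  for (const { chain, version } of paths) {
    (byVersion[version] = byVersion[version] || []).push(chain);
  }
  return byVersion;
}

console.log(groupByVersion(findDependencyPaths(sampleTree, "qs")));
```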