Library is dependent on malicious async version
lukasjapan opened this issue · 1 comments
lukasjapan commented
See:
GHSA-fwr7-v2mv-hh25
Dependency setting is here:
https://github.com/sapics/geoip-country/blob/master/package.json#L40
Can fix by upgrading to 2.6.4
sapics commented
@lukasjapan Thank you for noticing!
I have fixed it and published new version 4.0.118.