This repository has been archived by the owner on Jan 4, 2021. It is now read-only.

Vulnerability in assign-deep dependency #22

Open
ryan-codingintrigue opened this issue May 18, 2020 · 1 comment

@ryan-codingintrigue

The version of assign-deep used by the project has an active vulnerability, and it is recommended to update to the latest version:
https://github.com/jonschlinkert/assign-deep/blob/1.0.1/README.md

Would it be possible to upgrade the project to use this new version?

Thanks!

@MyScriptSupport

Dear Ryan,

Thank you for raising our attention to this issue.

This vulnerability is a concern in case a JavaScript payload is sent to the back end in JavaScript, which is not the case for our back-end server (which is in Java).

Nevertheless, the version of assign-deep is already up to date in the next MyScript JS release, which should be available in a few weeks.
In the meantime, you might want to take the version that is available in the branch corresponding to #23 to get the up-to-date version of assign-deep. This fix is provided as is, without qualification.

Best regards,

MyScript Support.
