Bump help-me to major version 2; glob-parent vulnerability #1276

Closed
RageCage64 opened this issue May 7, 2021 · 2 comments

Comments

@RageCage64

Hello mqttjs team!

One of your dependencies help-me at major version 1 was pulling in a dependency glob-stream which pulled in glob-parent@3.1.0. It is affected by this CVE. help-me changed to node-glob instead of glob-stream in version 2.0.0. I am wondering how feasible it is to upgrade help-me to the next major version in this repo.

Thanks in advance!
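To check whether a project still carries the chain described in this issue, the dependency path can be traced from the lockfile. The following is an added example, not code from the issue author or the mqtt.js project: `findChains`, `resolve`, both lock objects and every version string other than `glob-parent` 3.1.0 and `help-me` 2.0.0 are constructed for illustration, and the npm lockfile v1 layout (nested `dependencies` plus `requires`) is assumed.

```javascript
// Added example: trace why a package version is installed (npm lockfile v1 layout).
// Both lock objects are constructed; "x.y.z" and "0.0.0-placeholder" are placeholders.
const LOCK_BEFORE = { dependencies: {
  "mqtt": { version: "x.y.z", requires: { "help-me": "^1" } },
  "help-me": { version: "1.x", requires: { "glob-stream": "*" } },
  "glob-stream": { version: "x.y.z", requires: { "glob-parent": "^3" },
    // Nested copy: wins over the hoisted one, but only for glob-stream.
    dependencies: { "glob-parent": { version: "3.1.0" } } },
  "glob-parent": { version: "0.0.0-placeholder" } // hoisted copy, a different version
} };
const LOCK_AFTER = { dependencies: {
  "mqtt": { version: "x.y.z", requires: { "help-me": "^2" } },
  "help-me": { version: "2.0.0", requires: { "glob": "*" } },
  "glob": { version: "x.y.z" }
} };

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Node-style resolution: look in the nearest enclosing node_modules first.
// `scopes` is the stack of `dependencies` maps from the root down to the requirer.
function resolve(scopes, name) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (own(scopes[i], name)) {
      const node = scopes[i][name];
      return { node, scopes: scopes.slice(0, i + 1).concat([node.dependencies || {}]) };
    }
  }
  return null; // optional or missing dependency
}

// Returns every "a@v > b@v > target@version" chain reachable from directDeps.
function findChains(lock, directDeps, target, version) {
  const chains = [];
  const walk = (name, scopes, trail, seen) => {
    const hit = resolve(scopes, name);
    if (!hit || seen.has(hit.node)) return; // unresolved, or a dependency cycle
    const here = trail.concat(`${name}@${hit.node.version}`);
    if (name === target && hit.node.version === version) chains.push(here.join(" > "));
    const nextSeen = new Set(seen).add(hit.node);
    for (const dep of Object.keys(hit.node.requires || {})) walk(dep, hit.scopes, here, nextSeen);
  };
  for (const dep of directDeps) walk(dep, [lock.dependencies || {}], [], new Set());
  return chains;
}

console.log(findChains(LOCK_BEFORE, ["mqtt"], "glob-parent", "3.1.0"));
console.log(findChains(LOCK_AFTER, ["mqtt"], "glob-parent", "3.1.0"));
```

On a real project, pass the parsed `package-lock.json` and the dependency names from `package.json`; `npm ls glob-parent` reports the same chain from the installed tree.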

@YoDaMa YoDaMa self-assigned this May 7, 2021
@YoDaMa
Contributor

YoDaMa commented May 7, 2021

Hey @BraydonKains, thanks for pointing this out.

@robertsLando
Member

Fixed in latest beta

MQTT 5.0.0 BETA is now available! Try it out and give us feedback: npm i mqtt@beta. It may fix your issues
