-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependency vulnerability in stringstream v0.0.5 #38
Comments
Hi @spencern, Currently, I'm busy with some ongoing issues but certainly, I'll pick this up once I get some time. Thanks for reporting. |
Hi @spencern, So I looked at this issue and could see that the From the comment here, I checked on To confirm more, I also verified with NSP for any vulnerability but there was not any. See another screenshot below- Can you please check once again or share more information so that I can reproduce? |
This vulnerability is no longer reported via |
Great @spencern. |
Issue
Snyk has flagged
stringstream
v0.0.5 as a security vulnerability.https://snyk.io/vuln/npm:stringstream:20180511
Remediation
Upgrade
stringstream
to version 0.0.6 or higher.It appears that this vulnerability is pulled in via
request
v2.83.0.request
v2.86.0 and higher do not include this dependency.The text was updated successfully, but these errors were encountered: