[Security] Vulnerabilities In Dependency: fast-xml-parser - Requires Upgrade #523
Comments
RTurek
changed the title
Merged
|
Need this fixed asap. Can't use this package in production environments that need to pass security reviews (like for getting an application approved for google integration) |
|
The issue has been around for over a month, plz prioritize this |
|
Resolved by #521 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
filestack-js(and thusfilestack-reactand any other libs that depend onfilestack-js) has a security vulnerability due to a javascript dependency. Thefast-xml-parserlibrary needs to be upgraded.Expected Behavior
No security alerts on GitHub or other vulnerability scanners should be triggered by
filestack-jsandfilestack-react's dependency onfast-xml-parserCurrent Behavior
Security alert shows up because of the vulnerability in the older version of
fast-xml-parserPossible Solution
Upgrade
"fast-xml-parser": "^3.16.0"to
"fast-xml-parser": "^4.2.4"Additional Screenshots & Documentation
Regex Issue
GHSA-6w63-h3fj-q4vw
https://security.snyk.io/vuln/SNYK-JS-FASTXMLPARSER-5668858
https://vulners.com/github/GHSA-6W63-H3FJ-Q4VW
Prototype Pollution issue
GHSA-x3cc-x39p-42qx
Context
All users of this library will be impacted by this.
Your Environment
All environments are impacted by this.
The text was updated successfully, but these errors were encountered: