This repository has been archived by the owner on Feb 19, 2022. It is now read-only.

Potential security vulnerability #5

Open
krissalvador27 opened this issue Aug 24, 2018 · 3 comments

@krissalvador27

Hello!

Our repo Reactochart uses measure-text and we found that it may have a potential security vulnerability. Tracing our package-lock.json it maps to url-loader v0.5.9 which uses mime v1.3.6 which I believe has the vulnerability.

It's fixed in later versions broofa/mime#167.

Let me know if this is something I can help with!
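The lockfile trace described in the post above can be automated. This is an added example, not code from the issue or from either project; it assumes the npm `lockfileVersion: 1` layout, and the sample lockfile (including the measure-text version and the version ranges) is constructed for illustration.

```javascript
// Constructed sample lockfile; "0.0.0-example" is a placeholder version.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "measure-text": { version: "0.0.0-example", requires: { "url-loader": "^0.5.9" } },
    "url-loader": {
      version: "0.5.9",
      requires: { "loader-utils": "^1.0.2", mime: "1.3.x" },
      dependencies: { mime: { version: "1.3.6" } }, // nested copy used by url-loader
    },
    "loader-utils": { version: "1.1.0" },
    mime: { version: "2.3.1" }, // hoisted, unrelated newer copy
  },
};

// Resolve `name` the way Node does: nearest enclosing `dependencies` map first.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const deps = scopes[i].dependencies;
    if (deps && Object.prototype.hasOwnProperty.call(deps, name)) {
      return { entry: deps[name], scopes: scopes.slice(0, i + 1).concat(deps[name]) };
    }
  }
  return null;
}

// Return every "a@1 > b@2 > target@x" chain from the given direct dependencies.
function tracePaths(lock, directDeps, targetName, targetVersion) {
  const found = [];
  function walk(name, scopes, path) {
    const hit = resolve(name, scopes);
    if (!hit) return; // optional dependency or not present in the lockfile
    const label = `${name}@${hit.entry.version}`;
    if (path.includes(label)) return; // dependency cycle
    const next = path.concat(label);
    if (name === targetName && hit.entry.version === targetVersion) {
      found.push(next.join(" > "));
    }
    for (const req of Object.keys(hit.entry.requires || {})) {
      walk(req, hit.scopes, next);
    }
  }
  for (const dep of directDeps) walk(dep, [lock], []);
  return found;
}

console.log(tracePaths(sampleLock, ["measure-text"], "mime", "1.3.6"));
```

The nested `mime` entry under `url-loader` is what gets flagged; the hoisted `mime@2.3.1` at the top level is never reached from `measure-text`, so it produces no path.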

@tptee
Contributor

tptee commented Aug 24, 2018

Thanks for catching this! I'll fix this today!

@krissalvador27
Author

hey @tptee, just wanted to follow up on this issue and see if there are any recent updates you can share. Thanks!

@krissalvador27
Author

Hey @tptee. We're going to import measure-text's source code into our repo for now. Will try to get around to a PR but unfortunately don't have the bandwidth right now to update url-loader and fix any breaking dependencies upon upgrade. This also solves issue spotify/reactochart#123 for us.

Thanks!
