Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

node_module dependency "ua-parser-js" is hijacked by malware #3712

Closed
wants to merge 1 commit into from
Closed

node_module dependency "ua-parser-js" is hijacked by malware #3712

wants to merge 1 commit into from

Conversation

ohanedan
Copy link

looks ua-parser-js hijected.
see. faisalman/ua-parser-js#536

@google-cla
Copy link

google-cla bot commented Oct 22, 2021

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.


What to do if you already signed the CLA

Individual signers
Corporate signers

ℹ️ Googlers: Go here for more info.

@ohanedan
Copy link
Author

@googlebot I signed it!

@ohanedan ohanedan changed the title ua-parser-js version fix node_module dependency "ua-parser-js" is hijacked by malware Oct 22, 2021
@edvorg
Copy link

edvorg commented Oct 22, 2021

Hmmm
image

is it stuck mining crypto?

@ohanedan
Copy link
Author

Hmmm image

is it stuck mining crypto?

I think not, other PR's looks same. However, this change may not be necessary. The dev of the relevant repo is preparing an update to secure the versions. like 0.7.30, 0.8.1 and 1.0.1

@ohanedan
Copy link
Author

looks safe now with new versions
Screen Shot 2021-10-22 at 19 51 49

@ohanedan ohanedan closed this Oct 22, 2021
@ohanedan ohanedan deleted the ua-parser-js-version-fix branch October 22, 2021 16:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants