Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tough-cookie@2.5.0 vulnerability issues #1111

Closed
ArvinCS opened this issue Aug 14, 2023 · 2 comments
Closed

tough-cookie@2.5.0 vulnerability issues #1111

ArvinCS opened this issue Aug 14, 2023 · 2 comments
Labels
dependent-on-another-issue refactor

Comments

@ArvinCS
Copy link

ArvinCS commented Aug 14, 2023

Feature Request

I have:

  • searched for such a feature request ( enhancement ) and found none

I think the library needs to upgrade its dependency that dependent to tough-cookie@2.5.0. Since tough-cookie@2.5.0 has vulnerability issue (https://avd.aquasec.com/nvd/cve-2023-26136), it needs to be updated to tough-cookie@4.0.0.

node-telegram-bot-api@0.61.0
├─┬ request-promise@4.2.6
│ └── tough-cookie@2.5.0
└─┬ request@2.88.2
└── tough-cookie@2.5.0

Introduction

It will solve this vulnerability issue: https://avd.aquasec.com/nvd/cve-2023-26136

Example

Update the library request and request-promise.
@melroy89
Copy link
Contributor

Related: #1076

@danielperez9430 danielperez9430 mentioned this issue Oct 25, 2023
Merged
4 tasks
@danielperez9430
Copy link
Collaborator

fix: on next release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependent-on-another-issue refactor
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@melroy89 @danielperez9430 @ArvinCS