#support-questions

Chunkygoo

12/07/2022, 12:02 AM
```
# npm audit report

qs  6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix --force`
Will install supertokens-node@2.5.0, which is a breaking change
node_modules/qs
  body-parser  1.19.0
  Depends on vulnerable versions of qs
  node_modules/body-parser
    supertokens-node  >=3.0.0
    Depends on vulnerable versions of body-parser
    node_modules/supertokens-node

3 high severity vulnerabilities
```
Any insights?

rp

12/07/2022, 4:02 AM
Can you open an issue about this? We will fix it.

Chunkygoo

12/10/2022, 2:27 AM
Sorry, never got around to doing this.
Which repo? I'll submit an issue

rp

12/10/2022, 3:44 AM
Supertokens-node. Thanks

rp

12/10/2022, 8:15 PM
thanks