Create template issue for protobufjs specifically.

Nicolas Noble 2018-05-22 16:25:45 -07:00 committed by GitHub
parent a6098b4b17
commit d8016fa09d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions

@ -0,0 +1,8 @@
---
name: ReDoS vulnerability
about: npm audit reports that protobufjs has a ReDoS vulnerability.
---
As I ran `npm install`, the tool told me that protobufjs has 1 moderate vulnerability, as described here: https://nodesecurity.io/advisories/605
The gRPC team is aware of this, and this issue would be a duplicate of #277. The gRPC package can't upgrade the protobufjs dependency without proceeding with a breaking change, and the fix has been backported to protobufjs 5.0.3 already - it's simply the nodesecurity.io database that is outdated.
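Review bot: The second body line (starting "The gRPC team is aware of this") tells the reporter the issue is a duplicate of #277 but gives them no way to confirm that their install actually resolved to the fixed release. Consider adding a sentence asking them to check the resolved version with `npm ls protobufjs` and to file only if it is below 5.0.3. The two body lines also have no blank line between them, so Markdown will render the reporter's statement and the team's response as one run-on paragraph; a blank line would separate them. Finally, the claim that the nodesecurity.io database "is outdated" will go stale once the advisory is corrected, so a date or a link to the protobufjs 5.0.3 release would keep the template accurate.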