Merge pull request #361 from grpc/protobufjs-template

Create template issue for protobufjs specifically.
Michael Lumish 2018-05-22 18:21:05 -07:00 committed by GitHub
commit 1ee07a5e0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

.github/ISSUE_TEMPLATE/protobufjs_redos vendored Normal file

@ -0,0 +1,12 @@
---
name: ReDoS vulnerability
about: npm audit reports that protobufjs has a ReDoS vulnerability.
---
As I [ran `npm install`]/[ran 'npm audit']/[got a report from Snyk],
the tool told me that protobufjs has 1 moderate vulnerability exported
through the `grpc` package, as described here: https://nodesecurity.io/advisories/605
The gRPC team is aware of this, and this issue is a duplicate of #277.
Upgrading this depdendency would be a breaking change, and the fix has been backported
to protobufjs 5.0.3 already; the [nodesecurity.io]/[Snyk] database is simply outdated.
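
Review bot: The template body has a typo in "Upgrading this depdendency would be a breaking change"; it should read "dependency", since this text is copied verbatim into every issue filed from it. The first body line also mixes quoting styles (`npm install` in backticks, 'npm audit' in single quotes), so use backticks for both. The file is added as `.github/ISSUE_TEMPLATE/protobufjs_redos` with no extension; GitHub only picks up issue templates in that directory when they end in `.md`, so consider renaming it to `protobufjs_redos.md`. Finally, the claim that the fix is already in protobufjs 5.0.3 would be easier for a reporter to act on if the template asked them to paste the output of `npm ls protobufjs`, so triage can confirm which version was actually resolved before closing the issue as a duplicate of #277.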