High risk vulnerability in dependencies #42

Open
gabor-at-reed opened this issue Nov 2, 2020 · 3 comments

@gabor-at-reed

Hi there,

Currently, npm audit marks this package as a high-risk one, because one of its dependencies has a "Remote Memory Exposure" risk.

  High            Remote Memory Exposure

  Package         bl

  Dependency of   brotli-webpack-plugin [dev]

  Path            brotli-webpack-plugin > iltorb > prebuild-install > tar-fs >
                  tar-stream > bl

  More info       https://npmjs.com/advisories/1555

@sayjeyhi

@mynameiswhm could you update the package?

@brionmario

brionmario commented Nov 9, 2021

It would be better if iltorb could be removed. There is a vulnerability in the rc package, which is a transitive dependency of iltorb. I see a PR that has already been sent to remove the dependency. Better if that could be merged.

@brionmario

Since the plugin seems to be abandoned, I followed the official documentation and migrated to the compression-webpack-plugin for Brotli compression.

https://webpack.js.org/plugins/compression-webpack-plugin/#using-brotli
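
How the `Path` line in the audit output at the top of this issue can be reproduced from a lockfile, as an added example (not code from this project or from npm): it resolves each `requires` entry against a constructed `package-lock.json` (lockfileVersion 1) fragment, nearest `node_modules` first. The versions, the nested placement of `bl`, and the package `example-runtime-dep` are assumptions made for illustration.

```javascript
// Constructed lockfile v1 fragment; versions and ranges are placeholders.
const lock = {
  dependencies: {
    "brotli-webpack-plugin": { version: "0.0.0", dev: true, requires: { iltorb: "*" } },
    iltorb: { version: "0.0.0", dev: true, requires: { "prebuild-install": "*" } },
    "prebuild-install": { version: "0.0.0", dev: true, requires: { "tar-fs": "*" } },
    "tar-fs": { version: "0.0.0", dev: true, requires: { "tar-stream": "*" } },
    "tar-stream": {
      version: "0.0.0", dev: true, requires: { bl: "*" },
      // Not hoisted: this copy lives in tar-stream/node_modules/bl.
      dependencies: { bl: { version: "0.0.0", dev: true } },
    },
    "example-runtime-dep": { version: "0.0.0" }, // hypothetical, never reaches bl
  },
};

// Resolve `name` as Node does: innermost node_modules first, then outwards.
// `chain` is the physical nesting, from the lockfile root to the requiring package.
function resolve(name, chain) {
  for (let i = chain.length - 1; i >= 0; i--) {
    const hit = (chain[i].dependencies || {})[name];
    if (hit) return { node: hit, chain: chain.slice(0, i + 1).concat(hit) };
  }
  return null; // e.g. an optional dependency that was not installed
}

// List every logical dependency path from the direct dependencies to `target`.
function pathsTo(target, directDeps, lockfile) {
  const found = [];
  const walk = (name, physChain, logical) => {
    const r = resolve(name, physChain);
    if (!r || logical.includes(name)) return; // unresolved, or a cycle
    const path = logical.concat(name);
    if (name === target) {
      // dev === true means the package is only reachable from devDependencies.
      found.push({ path: path.join(" > "), dev: r.node.dev === true });
      return;
    }
    for (const dep of Object.keys(r.node.requires || {})) walk(dep, r.chain, path);
  };
  for (const d of directDeps) walk(d, [lockfile], []);
  return found;
}

const direct = ["brotli-webpack-plugin", "example-runtime-dep"]; // from package.json
console.log(pathsTo("bl", direct, lock));
```

The `dev` flag in the result corresponds to the `[dev]` marker in the audit output: the flagged package is installed for builds but is not part of the production dependency tree.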
