This has a qs vuln #34
Comments
|
Where this has an MIT license it's reasonable to pull the parts of this package you need into your own internal libraries. Just be sure that if you redistribute you understand how that works. I extracted the few parts I use. function ifProduction(env, option1, option2?) {
if (env.production) {
return option1;
}
return option2;
}
function ifNotProduction(env, option1, option2?) {
if (env.production) {
return option2;
}
return option1;
}
function removeEmpty(input) {
let output
if (Array.isArray(input)) {
output = input.filter(item => typeof item !== 'undefined')
} else {
output = {}
Object.keys(input).forEach(key => {
const value = input[key]
if (typeof value !== 'undefined') {
output[key] = value
}
})
}
return output
} |
|
Thanks @Banner-Keith Good idea!! Don't fear the mystery of the library!! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
qs vulnerable to Prototype Pollution - GHSA-hrpp-h998-j3pp
fix available via
npm audit fixnode_modules/webpack-config-utils/node_modules/qs
1 high severity vulnerability
Looks like no one is updating this package anymore?
Thanks
The text was updated successfully, but these errors were encountered: