Vulnerability 1012

[dalefrancis88]

Team,

https://www.npmjs.com/advisories/1012 was just raised today. It looks like it's based in http-proxy-middleware do you guys have an estimate on how long you think it'll take to get a release out that'll resolve this?

it looks like cache-base may be the bottleneck here

[alexander-akait]

It is development server, so this security problem is not high priority here, also we don't use set-value directly so we can't do something on our side, please open issue in cache-base, sorry

[dalefrancis88]

I did, i actually created a PR but i was curious if you guys were actively engaging is all

[alexander-akait]

Let's keep open for tracking

[mixtur]

For me it looks like I suddenly went from 0 vulnerabilities to uh... 765? I guess there is сombinatorial explosion involved.
Ok, maybe there is no real vulnerability here. But If there was now, I would have definitely missed it behind these 765.

[alexander-akait]

Problem was on npm side, now we doesn't have any vulnerability, thanks for issue