Would it be possible to create a new tag for rosnodejs and push it to NPM?
Right now 3.0.2 uses a version of async that has Prototype Pollution vulnerability CVE and it also uses a version of moment that has a Path Traversal vulnerability CVE.
Both vulnerabilities have been addressed in the develop branch. The patched version of Async is now in the package.json and moment has been removed as a package.
So the only thing left is to tag and publish the NPM Package 🤞
Would it be possible to create a new tag for
rosnodejsand push it to NPM?Right now
3.0.2uses a version ofasyncthat has Prototype Pollution vulnerability CVE and it also uses a version ofmomentthat has a Path Traversal vulnerability CVE.Both vulnerabilities have been addressed in the develop branch. The patched version of
Asyncis now in thepackage.jsonandmomenthas been removed as a package.So the only thing left is to tag and publish the NPM Package 🤞