Governance compliance issue with Angular node-forge 0.10.0 version - need to fix this issue

%3CLINGO-SUB%20id%3D%22lingo-sub-1707240%22%20slang%3D%22en-US%22%3EGovernance%20compliance%20issue%20with%20Angular%20node-forge%200.10.0%20version%20-%20need%20to%20fix%20this%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1707240%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Team%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20have%20updated%20node-forge%20to%20latest%20Version%20i.e..%2C0.10.0%20but%20still%20we%20are%20facing%20the%20same%20governance%20compliance%20issue%20%3A%3C%2FP%3E%0A%3CP%3E(%3CSPAN%3E%3CSTRONG%3EThe%20package%20node-forge%20before%200.10.0%20is%20vulnerable%20to%20Prototype%20Pollution%20via%20the%20util.setPath%20function.%20Note%3A%20Version%200.10.0%20is%20a%20breaking%20change%20removing%20the%20vulnerable%20functions%3C%2FSTRONG%3E.%3C%2FSPAN%3E)%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPlease%20let%20us%20know%20when%20we%20get%20latest%20version%20with%20fixes%20ready.%26nbsp%3B%3C%2FP%3E%0A%3CP%3EKindly%20provide%20your%20suggestion%20on%20this%20issue.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%2C%3C%2FP%3E%0A%3CP%3EManickam%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1707240%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Forms%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

Hi Team,

 

We have updated node-forge to latest Version i.e..,0.10.0 but still we are facing the same governance compliance issue :

(The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.),

 

Please let us know when we get latest version with fixes ready. 

Kindly provide your suggestion on this issue.

 

Thanks,

Manickam

0 Replies