Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security vulnerability: extend 3.0.1 module in web3-bzz #2792

Closed
dwalintukan opened this issue May 8, 2019 · 1 comment · Fixed by #2795
Closed

Security vulnerability: extend 3.0.1 module in web3-bzz #2792

dwalintukan opened this issue May 8, 2019 · 1 comment · Fixed by #2795
Labels
Bug Addressing a bug

Comments

@dwalintukan
Copy link

dwalintukan commented May 8, 2019
edited
Loading

Description

Using 1.0.0-beta.54 Github complains of a security vulnerability in the extend 3.0.1 module which is being used by [email protected] -> [email protected] -> [email protected] -> [email protected] -> [email protected] -> extend 3.0.1.

Expected behavior

No security vulnerability warning in Github.

Actual behavior

image

Versions

  • web3.js: 1.0.0-beta.54
@nivida
Copy link
Contributor

nivida commented May 8, 2019

Thanks for opening this issue! I've contacted yesterday the creator of the swarm-js dependency we use. He told me that the swarm-js package is no longer maintained and do not get any new version. The swarm team itself was once opening issues here to remove the bzz module and I think this will be the current solution. (I will later re-implement the bzz module)

@nivida nivida added the Bug Addressing a bug label May 8, 2019
@nivida nivida changed the title Security vulnerability: extend 3.0.1 module in 1.0.0-beta.54 Security vulnerability: extend 3.0.1 module in web3-bzz May 8, 2019
@nivida nivida mentioned this issue May 8, 2019
Merged
12 tasks
@nivida nivida mentioned this issue May 9, 2019
Merged
12 tasks
@alcuadrado alcuadrado mentioned this issue Sep 16, 2019
Closed
@snyk-bot snyk-bot mentioned this issue Feb 4, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Addressing a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

BZZ module removed web3/web3.js
2 participants
@nivida @dwalintukan