This repository was archived by the owner on Jan 9, 2023. It is now read-only.
This repository was archived by the owner on Jan 9, 2023. It is now read-only.
Fix dependency on vulnerable winston package #118
Description
We have been seeing this error message due to the latest version Smartsheet SDK depending on Winston@2.4.5 which depends on the library async@1.0.0 which has a security vulnerability.
async <2.6.4
Severity: high
Prototype Pollution in async - GHSA-fwr7-v2mv-hh25
fix available via npm audit fix --force
Will install smartsheet@0.2.0, which is a breaking change
node_modules/async
winston 0.4.0 - 3.0.0-rc6
Depends on vulnerable versions of async
node_modules/winston
smartsheet >=1.0.0-beta.0
Depends on vulnerable versions of winston
node_modules/smartsheet
Please update the SDK to use the latest version of winston.