4 high severity vulnerabilities while installing node-red@2.2.2 && 2.1.4

I reference node-red in my project at TDengine/src/connector/node-red-contrib-tdengine at develop · taosdata/TDengine · GitHub. I am always alerted by GitHub, which says "prototype pollution in async", and this alert is detected in the pack-lock.json file.
Can these vulnerabilities be resolved?

These issues will be resolved in 3.0.

They are limited to the Watch node - the fix was to rewrite the node to use a different underlying library. That type of change isn't one we would typically make in a fix release - but we could consider backporting it once we are certain it doesn't change any behaviour.


Thanks for your explanation.
