I reference node-red in my project at TDengine/src/connector/node-red-contrib-tdengine at develop · taosdata/TDengine · GitHub .I will always altered by github says:" prototype pollution in async" and this alert is decteced in pack-lock.json file.
Can these vulnerabilities be resolved.
These issues will be resolved in 3.0.
They are limited to the Watch node - the fix was to rewrite the node to use a different underlying library. That type of change isn't one we would typically make in a fix release - but we could consider backporting it once we are certain it doesn't change any behaviour.
3 Likes
Thanks for your explanation.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
