4 high severity vulnerabilities while installing node-red@2.2.2 && 2.1.4

I reference node-red in my project at TDengine/src/connector/node-red-contrib-tdengine at develop · taosdata/TDengine · GitHub. I am always alerted by GitHub, which says: "prototype pollution in async", and this alert is detected in the package-lock.json file.
Can these vulnerabilities be resolved?

These issues will be resolved in 3.0.

They are limited to the Watch node - the fix was to rewrite the node to use a different underlying library. That type of change isn't one we would typically make in a fix release - but we could consider backporting it once we are certain it doesn't change any behaviour.

Thanks for your explanation.