In @google-cloud/storage and @google-cloud/paginator, Whitesource scan detected vulnerability on package extend<3.0.2

#### Environment details
  - OS: Windows, Linux
  - Node.js version: 8.9.0
  - npm version: 5.6.0
  - `@google-cloud/storage` version: 2.5.0 

#### Steps to reproduce
  1. Run Whitesource scan

Following whitesource vulnerability detected in extend package pushed by @google-cloud/storage and @google-cloud/paginator which uses extend version <=3.0.1.:

#### Details of vulnerability:
**Name**:CVE-2018-16492
**Description**:A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
**Publish date:**2019-02-01
**Resolution**:Upgrade To Version v3.0.2,v2.0.2
**URL**:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16492

So, please upgrade package extend to v3.0.2 in your dependency definition in package.json to resolve this defect in all of your released packages.

Making sure to follow these steps will guarantee the quickest resolution possible.

Thanks!


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

In @google-cloud/storage and @google-cloud/paginator, Whitesource scan detected vulnerability on package extend<3.0.2 #796

Environment details

Steps to reproduce

Details of vulnerability:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

In @google-cloud/storage and @google-cloud/paginator, Whitesource scan detected vulnerability on package extend<3.0.2 #796

Description

Environment details

Steps to reproduce

Details of vulnerability:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions