[SG-39076] thenify before 3.3.1 made use of unsafe calls to eval.
Created by: gitstart-sourcegraph
Versions of thenify prior to 3.3.1 made use of unsafe calls to eval. Untrusted user input could thus lead to arbitrary code execution on the host. The patch in version 3.3.1 removes calls to eval.
Update thenify to a non-vulnerable version
The latest possible version of thenify that can be installed is 3.3.0. The earliest fixed version is 3.3.1.
Sourcegraph issue Gitstart ticket
Make sure there is no CI error resulting from this change