[Feedback]: Critical npm audit vulnerability

[xadamxk]

What's on your mind?

The current version of @onesignal/node-onesignal (5.2.0-beta1) has a critical vulnerability with the dependency form-data version 2.5.0.

This dependency needs to be updated to atleast version 2.5.4 to fix this from being flagged by NPM.

Is someone able to address this? Can I help in any way?

Thanks

Code of Conduct

• I agree to follow this project's Code of Conduct

[sherwinski]

Thanks for bringing this to our attention @xadamxk. It looks like the package just needs a quick update and release, I can take care of it shortly.

[xadamxk]

Wow, you work fast!

Any idea when the next version will come out with this fix?

I appreciate your help.

[sherwinski]

We wouldn't be able to do it without your help 🙂

The update is now released under https://github.com/OneSignal/onesignal-node-api/releases/tag/5.2.1-beta1 🚀
Please give it a try and let us know if you experience any other issues.