Security vulnerability for transitive dependency => dot-prop@4.2.0 #689
Description
Hi,
We get this security vulnerability for dot-prop@4.2.0 (dependency of gcs-resumable-upload@1.1.0 <- @google-cloud/storage@2.5.0):
CVE-2020-8116
--
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
--
Upgrade to version dot-prop - 5.1.1
Can we get an update for google-cloud storage client?
Thanks.
Regards,
Claudiu