Skip to content

Commit

Permalink
Removed capi-param-builder for now for Nodejs
Browse files Browse the repository at this point in the history 
Summary:
context:
GHSA-q5hv-6vq5-pw55

https://www.internalfb.com/intern/whitehat/submission/3954986678157887/

Synk also recently updated this package as malicious as well https://security.snyk.io/package/npm/capi-param-builder

Solution:
we are still following up with them to confirm what is the root cause of treating our lib as malicious

Mitigation:
tempaorarily remove the dependency to capi-param-builder for now, will add back once we hjost it on public repo

Reviewed By: liliarizona, satwikareddy3

Differential Revision: D65236031

fbshipit-source-id: ad4edab5737c1792bb2a389990eff99f7cc44cab
  • Loading branch information
@facebook-github-bot
Jiaming You authored and facebook-github-bot committed Oct 30, 2024
1 parent 8da889f commit 759bdf0
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,7 @@
"currency-codes": "^1.5.1",
"iso-3166-1": "^2.1.1",
"js-sha256": "^0.9.0",
"mixwith": "~0.1.1",
"capi-param-builder": "https://capi-automation.s3.us-east-2.amazonaws.com/public/nodejs/capi-param-builder/capi-param-builder-1.1.0-dev.tgz"
"mixwith": "~0.1.1"
},
"devDependencies": {
"babel-cli": "^6.24.1",
Expand Down

0 comments on commit 759bdf0

Please sign in to comment.