Skip to content

fix: pbkdf2 critical vulnerability#249

Closed
romanindev wants to merge 1 commit into
browserify:masterfrom
romanindev:fix/pbkdf2-critical-vulnerability
Closed

fix: pbkdf2 critical vulnerability#249
romanindev wants to merge 1 commit into
browserify:masterfrom
romanindev:fix/pbkdf2-critical-vulnerability

Conversation

@romanindev

@romanindev romanindev commented Aug 1, 2025

Copy link
Copy Markdown
  • update version pbkdf2 3.1.2 => 3.1.3
image image

@jakehobbs

Copy link
Copy Markdown

@ljharb @calvinmetcalf Could this please get merged?

@ljharb

ljharb commented Aug 30, 2025

Copy link
Copy Markdown
Member

No, because there's no need for it, and there's never a need for any PR like it. The fix is an in-range version, so all everyone needs to do is update their lockfiles (which npm audit fix, dependabot/renovate/etc, all do for you).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants