Hi there, I am trying to install the myscript-math-web library, but I keep getting a high severity vulnerability.
The assign-deep package is upgraded to 1.0.1 so that is not the problem.
Has anyone had this before?
Thank you for raising our attention to this point.
The assign-deep package is upgraded to 1.0.1, but the myscript package (containing myScriptJS) that comes as a dependancy of the myscript-math-web library still relies on the 4.0.7 version. This is probably the reason why you still have this message.
If you are starting a new Web project, we recommand you to use myScriptJS that is the core of the MyScript browser technology and will allow you higher integration flexibility rather than the myscript-math-web.
Nevertheless, the version of assign-deep is already UpToDate in the next MyScriptJS release that should be available in a few weeks.
In the meantime you might want to take the MyScriptJS version that is available in this branch to get the UpToDate version of assign-deep. This fix is provided as is, without qualification.
Thank you very much for your reply.
I have uninstalled the myscript-math-web, and I tried installing the main MyScriptJS as you suggested in the link.
npm install myscript
I still get the same assign-deep vulnerability warning - did you mean that the version with the update still hasn't been released for the main library as well? Can I still use this library despite being given the warning, or should I wait until the up to date version is uploaded?
currently, you can use the current release of the MyScriptJS:
-As said by Gwenaëlle, our BackEnd server in in JAVA, so the assign-deep vulnerability is not a concern
-The coming release of the MyScriptJS will be compatible with the current one, so upgrade will be pretty straight-forward.