Hi there,
I am reaching out on behalf of Builder.io regarding GHSA-4fm3-j964-p869 which we believe to be a false positive. The code in question in the report was added intentionally. The trycloudflare.com proxy URL that was included as part of the affected @builder.io/dev-tools version went to company-owned infrastructure and was deployed to a version of @builder.io/dev-tools that is only used internally by employees for testing purposes. Additionally, that proxy URL is no longer live.
We kindly request a review of this advisory, and we're happy to provide any clarifications needed to assist in removing it. Thank you!
Hi there,
I am reaching out on behalf of Builder.io regarding GHSA-4fm3-j964-p869 which we believe to be a false positive. The code in question in the report was added intentionally. The
trycloudflare.comproxy URL that was included as part of the affected@builder.io/dev-toolsversion went to company-owned infrastructure and was deployed to a version of@builder.io/dev-toolsthat is only used internally by employees for testing purposes. Additionally, that proxy URL is no longer live.We kindly request a review of this advisory, and we're happy to provide any clarifications needed to assist in removing it. Thank you!