Problem caused by static_eval

[ByCnck]

Can you tell to the devs to check this repository please

https://github.com/AschPlatform/asch/blob/ff97f3c1cf2bdfd95cbb337dad694cd3b7c69a34/src/utils/protobuf.js

Problem: Arbitrary Code Execution

They are using protocol-Buffers 3.1.6
This version have a issue becuse it use some outdated of static-eval
The Vulnerability is introduced through this way:
Protocol-buffers> brfs@1.4.3 › static-module@1.5.0 › static-eval@0.2.4

Here is the commit to fix part of the problem in the github of static-eval
browserify/static-eval@c06f1b8

Further information of the problem:
https://maustin.net/articles/2017-10/static_eval
https://nodesecurity.io/advisories/548

[ByCnck]

zhenxi@asch:~/github/AschPlatfrom/asch$ npm ls static-eval
asch@1.3.4 /home/zhenxi/github/AschPlatfrom/asch
└─┬ protocol-buffers@3.1.6
  └─┬ brfs@1.4.3
    └─┬ static-module@1.5.0   // "static-eval": "~0.2.0",
      └── static-eval@0.2.4 // latest version:2.0

[ByCnck]

waiting for this fix browserify/static-module#35.
now ipfs-js also have the problem or similar.