Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update proxy-agent to remove vulnerable vm2 dependency #2519

Closed
matthewsac opened this issue Jul 31, 2023 · 2 comments
Closed

Update proxy-agent to remove vulnerable vm2 dependency #2519

matthewsac opened this issue Jul 31, 2023 · 2 comments
Labels
c/security t/bug Something isn't working

Comments

@matthewsac
Copy link

Dependabot issued a critical alert on the vm2 library which is used by proxy-agent. A new version of proxy-agent removes this vulnerability by replacing vm2. Spectral needs to be updated to use this new version.

Links to the two Dependabot alerts that relate to this issue:

265
266

Link to the new proxy-agent version to be used:
proxy-agent 406.3.0

NOTE: This update must also be done for prism and platform-internal. See the links to the other issues in the comments.
@matthewsac matthewsac added t/bug Something isn't working c/security labels Jul 31, 2023
@matthewsac
Copy link
Author

matthewsac commented Jul 31, 2023
edited
Loading

Prism: stoplightio/prism#2342
Platform-internal: https://github.com/stoplightio/platform-internal/issues/17519

@matthewsac matthewsac mentioned this issue Jul 31, 2023
Closed
@P0lip
Copy link
Contributor

P0lip commented Jul 31, 2023

@matthewsac Spectral has been already addressed in #2513

@P0lip P0lip closed this as completed Jul 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
c/security t/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@matthewsac @P0lip