lerna/8.1.7 package update #24378

Merged
merged 1 commit into from
Jul 24, 2024

@octo-sts octo-sts bot commented Jul 21, 2024

Signed-off-by: wolfi-bot <121097084+wolfi-bot@users.noreply.github.com>
@octo-sts octo-sts bot added the labels request-version-update (request for a newer version of a package) and automated pr on Jul 21, 2024

octo-sts bot commented Jul 21, 2024

bincapz detected files with a risk score equal or higher than 'CRITICAL':

/tmp/bincapz3713282761/packages/x86_64/lerna-8.1.7-r0.apk/usr/local/lib/node_modules/lerna/node_modules/@napi-rs/wasm-runtime/dist/fs.js [🚨 CRITICAL]

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| CRITICAL | evasion/base64/python | contains base64 Python code | JlYWQoK::$read, V2YWwo::$eval, V4ZWMo::$exec, ZXhlYy::$exec, cmVhZCgp::$read, leGVjK::$exec, yZWFkKC::$read |
| HIGH | evasion/base64/shell/commands | commands in base64 form | NobW9k::$b_chmod, Y2htb2::$b_chmod, jaG1vZ::$b_chmod |

/tmp/bincapz3713282761/packages/x86_64/lerna-8.1.7-r0.apk/usr/local/lib/node_modules/lerna/node_modules/@napi-rs/wasm-runtime/dist/runtime.js [🚨 CRITICAL]

| RISK | KEY | DESCRIPTION | EVIDENCE |
| --- | --- | --- | --- |
| CRITICAL | evasion/base64/python | contains base64 Python code | ZGVjb2RlKC::$decode, ZXZhbC::$eval, cmVhZCgp::$read, kZWNvZGUoK::$decode, yZWFkKC::$read |
| CRITICAL | 3P/delivrto/susp/html/wasm | Presence of Base64 JavaScript blob loading WASM, by delivr.to | V2ViQXNzZW1ibHkuSW5zdGFuY2, V2ViQXNzZW1ibHkuTW9kdWxl, V2ViQXNzZW1ibHkuaW5zdGFudGlhdG, XZWJBc3NlbWJseS5JbnN0YW5jZ, XZWJBc3NlbWJseS5Nb2R1bG, XZWJBc3NlbWJseS5pbnN0YW50aWF0Z, dlYkFzc2VtYmx5Lk1vZHVsZ, dlYkFzc2VtYmx5Lkluc3RhbmNl, dlYkFzc2VtYmx5Lmluc3RhbnRpYXRl |

@egibs egibs left a comment

The bincapz findings were a false positive.

@mamccorm mamccorm merged commit 984eb72 into main Jul 24, 2024
8 checks passed
@mamccorm mamccorm deleted the wolfictl-31e3a728-f0e4-415b-92e8-41c84a8efaf9 branch July 24, 2024 11:41