@cdktf/cli-core: upgrade archiver dependency #3782

Open
1 task
BeniRupp opened this issue Dec 2, 2024 · 0 comments
Labels
enhancement New feature or request new Un-triaged issue

BeniRupp commented Dec 2, 2024

Description

@cdktf/cli-core will install glob in a vulnerable version (7.x):

   ├─ cdktf-cli@npm:0.20.10 (via npm:0.20.10)
   │  ├─ @cdktf/cli-core@npm:0.20.10 (via npm:0.20.10)
   ...
   │  │  ├─ archiver@npm:5.3.2 (via npm:5.3.2)
   │  │  │  ├─ archiver-utils@npm:2.1.0 (via npm:^2.1.0)
   │  │  │  │  └─ glob@npm:7.2.3 (via npm:^7.1.4)
   │  │  │  └─ zip-stream@npm:4.1.1 (via npm:^4.1.0)
   │  │  │     └─ archiver-utils@npm:3.0.4 (via npm:^3.0.4)
   │  │  │        └─ glob@npm:7.2.3 (via npm:^7.2.3) 

npm audit will report the following:

─ glob
   ├─ ID: glob (deprecation)
   ├─ Issue: Glob versions prior to v9 are no longer supported
   ├─ Severity: moderate
   ├─ Vulnerable Versions: 7.2.3
   ...

Upgrade archiver to version 7.0.1.

References

No response

Help Wanted

  • I'm interested in contributing a fix myself

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
@BeniRupp BeniRupp added enhancement New feature or request new Un-triaged issue labels Dec 2, 2024
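
Added example, not part of the original issue or the cdktf code base: a small Node.js script that walks the `packages` map of an npm lockfile and lists every dependency chain that ends in `glob` below major version 9, which shows which parent has to be upgraded. It assumes the npm lockfileVersion 3 layout; the sample lockfile is constructed from the tree quoted in the issue, and the function names `resolveDep` and `chainsTo` are hypothetical.

```javascript
// Constructed sample in npm lockfile v3 layout; versions mirror the tree in the issue.
const lock = { packages: {
  "": { dependencies: { "cdktf-cli": "0.20.10" } },
  "node_modules/cdktf-cli": { version: "0.20.10", dependencies: { "@cdktf/cli-core": "0.20.10" } },
  "node_modules/@cdktf/cli-core": { version: "0.20.10", dependencies: { archiver: "5.3.2" } },
  "node_modules/archiver": { version: "5.3.2",
    dependencies: { "archiver-utils": "^2.1.0", "zip-stream": "^4.1.0" } },
  "node_modules/archiver-utils": { version: "2.1.0", dependencies: { glob: "^7.1.4" } },
  "node_modules/zip-stream": { version: "4.1.1", dependencies: { "archiver-utils": "^3.0.4" } },
  "node_modules/zip-stream/node_modules/archiver-utils": { version: "3.0.4",
    dependencies: { glob: "^7.2.3" } },
  "node_modules/glob": { version: "7.2.3" },
} };

// Resolve a dependency name the way Node does: nearest node_modules first, then walk up.
function resolveDep(packages, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed anywhere on the lookup path
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Depth-first walk from the root project; returns "a@1 > b@2 > target@x" strings
// for every chain that reaches `target` at a major version below `minMajor`.
function chainsTo(packages, target, minMajor) {
  const chains = [];
  const walk = (key, trail) => {
    for (const name of Object.keys(packages[key].dependencies || {})) {
      const depKey = resolveDep(packages, key, name);
      if (!depKey || trail.keys.includes(depKey)) continue; // missing or cyclic
      const label = `${name}@${packages[depKey].version}`;
      const next = { keys: [...trail.keys, depKey], labels: [...trail.labels, label] };
      if (name === target && parseInt(packages[depKey].version, 10) < minMajor) {
        chains.push(next.labels.join(" > "));
      } else {
        walk(depKey, next);
      }
    }
  };
  walk("", { keys: [], labels: [] });
  return chains;
}

for (const chain of chainsTo(lock.packages, "glob", 9)) console.log(chain);
```

To run it against a real project, replace the constructed `lock` object with the parsed contents of that project's `package-lock.json`.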