You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
The browserless container has mocha as a dependecy. Mocha depends on serialize-javascript version 6.0.0. There is a new version of serialize-javascript that addresses a vulnerability that appeared in our AWS container registry.
Once mochajs/mocha#5109 is fixed then we can get that fix internally. This dependency shouldn't be present or used in production systems and is only used during tests. Can you verify that this package isn't present in your container?
Describe the bug
The browserless container has
mocha
as a dependecy.Mocha
depends onserialize-javascript
version6.0.0
. There is a new version ofserialize-javascript
that addresses a vulnerability that appeared in our AWS container registry.https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
To Reproduce
Steps to reproduce the behavior:
npm ls serialize-javascript
Expected behavior
Can we bump the version of
serialize-javascript
being used by depdencies to6.0.2
Screenshots
The text was updated successfully, but these errors were encountered: