[HIGH] Uncaught Exception in yaml #1977
Labels
dependabot-security-finding
needs-triage
Priority and effort undetermined yet
priority/p0
Needs to be addressed immediately
Comments
cdk8s-automation
added
dependabot-security-finding
needs-triage
This was referenced May 11, 2023
mergify bot
pushed a commit
to cdk8s-team/cdk8s-core
that referenced
this issue
May 15, 2023
We currently have a dependabot security finding not resolving due to a fixed yaml version in cdk8s. Finding: cdk8s-team/cdk8s-plus#1977 ``` cdk8s@2.7.56 requires yaml@2.0.0-7 cdk8s-cli@1.3.20 requires yaml@2.0.0-7 via a transitive dependency on cdk8s@1.10.54 ``` NOTE: * Looks like there are some more changes added when I run `npx projen`. * Yaml `defaultOptions` for schema was removed in an update. Recommendation is to explicitly mention the version in `parse and document`. Related PR: eemeli/yaml#346
iliapolo
pushed a commit
to cdk8s-team/cdk8s-core
that referenced
this issue
May 15, 2023
We currently have a dependabot security finding not resolving due to a fixed yaml version in cdk8s. Finding: cdk8s-team/cdk8s-plus#1977 ``` cdk8s@2.7.56 requires yaml@2.0.0-7 cdk8s-cli@1.3.20 requires yaml@2.0.0-7 via a transitive dependency on cdk8s@1.10.54 ``` NOTE: * Looks like there are some more changes added when I run `npx projen`. * Yaml `defaultOptions` for schema was removed in an update. Recommendation is to explicitly mention the version in `parse and document`. Related PR: eemeli/yaml#346 (cherry picked from commit 3801c95) Signed-off-by: Vinayak Kukreja <78971045+vinayak-kukreja@users.noreply.github.com> # Conflicts: # .projen/tasks.json # .projenrc.js
|
The security issue is now resolved. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Github reported a new dependabot security alert at: https://github.com/cdk8s-team/cdk8s-plus/security/dependabot/8
The text was updated successfully, but these errors were encountered: