[HIGH] Uncaught Exception in yaml #1977
Labels
dependabot-security-finding
needs-triage
Priority and effort undetermined yet
priority/p0
Needs to be addressed immediately
Comments
cdk8s-automation added the dependabot-security-finding, needs-triage (Priority and effort undetermined yet) and priority/p0 (Needs to be addressed immediately) labels May 10, 2023
This was referenced May 11, 2023
mergify bot pushed a commit to cdk8s-team/cdk8s-core that referenced this issue May 15, 2023
We currently have a dependabot security finding not resolving due to a fixed yaml version in cdk8s.

Finding: cdk8s-team/cdk8s-plus#1977

```
cdk8s@2.7.56 requires yaml@2.0.0-7
cdk8s-cli@1.3.20 requires yaml@2.0.0-7 via a transitive dependency on cdk8s@1.10.54
```

NOTE:
* Looks like there are some more changes added when I run `npx projen`.
* Yaml `defaultOptions` for schema was removed in an update. Recommendation is to explicitly mention the version in `parse and document`.

Related PR: eemeli/yaml#346
iliapolo pushed a commit to cdk8s-team/cdk8s-core that referenced this issue May 15, 2023
We currently have a dependabot security finding not resolving due to a fixed yaml version in cdk8s.

Finding: cdk8s-team/cdk8s-plus#1977

```
cdk8s@2.7.56 requires yaml@2.0.0-7
cdk8s-cli@1.3.20 requires yaml@2.0.0-7 via a transitive dependency on cdk8s@1.10.54
```

NOTE:
* Looks like there are some more changes added when I run `npx projen`.
* Yaml `defaultOptions` for schema was removed in an update. Recommendation is to explicitly mention the version in `parse and document`.

Related PR: eemeli/yaml#346

(cherry picked from commit 3801c95)
Signed-off-by: Vinayak Kukreja <78971045+vinayak-kukreja@users.noreply.github.com>

# Conflicts:
#	.projen/tasks.json
#	.projenrc.js

The security issue is now resolved.
Github reported a new dependabot security alert at: https://github.com/cdk8s-team/cdk8s-plus/security/dependabot/8