package semver security issue #18
Assignees
Labels
Comments
|
@chip-astg, please update your canvas layer by deploying the latest version through AWS Serverless Application Repository, or creating a new version of your deployment by uploading the latest version from Releases. Thank you. |
|
I deployed it a few days ago. It is the latest version canvas@2.11.2 I downloaded the layer as a zip. package-lock.json contains semver 6.0.0 and 6.3.0 in addition to 7.5.3. Perhaps Amazon Inspector is finding those? |
|
Would do some more round of works here and target to release in next release. Thank you~ |
Merged
|
A new maintenance release is available through AWS Serverless Application Repository. I have tested in my Lambda with Amazon Inspector, haven't found any issue so far. Please deploy and try again. Thank you. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Amazon Inspector found a security issue with the current version of lambda-layer-canvas-nodejs
In package semver, version 6.3.0 has a Severity High vulnerability. The vulnerability is resolved in version 7.5.2
https://nvd.nist.gov/vuln/detail/CVE-2022-25883
Note that no other vulnerabilities were identified.
The text was updated successfully, but these errors were encountered: