fix(security): address CVE-2022-29244, CVE-2021-39135 #2136
Comments
|
Hello @petermetz can you assign me on this one? Thanks |
aldousalvarez
added a commit
to aldousalvarez/cactus
that referenced
this issue
Jul 28, 2022
Fixes hyperledger#2136 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
This was referenced Jul 28, 2022
petermetz
pushed a commit
that referenced
this issue
Aug 5, 2022
Fixes #2136 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Based on the latest azure container scan there are new vulnerabilities detected on the following packages :
cactus-example-supply-chain-app - (npm)
cactus-example-carbon-accounting - (npm)
cactus-cmd-api-server - (npm, @npmcli/arborist)
Packing does not respect root-level ignore files in workspaces - GHSA-hj9c-8jmm-8c52 (CVE-2022-29244)
Package: npm
Affected versions: >=7.9.0, <8.11.0
Patched Versions: 8.11.0
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist - GHSA-gmw6-94gg-2rc2 (CVE-2021-39135)
Package: @npmcli/arborist
Affected versions: < 2.8.2
Patched Versions: 2.8.2 (included in npm v7.20.7 and above)
The text was updated successfully, but these errors were encountered: