Ramda 0.26.1 is vulnerable #880

Closed
3 of 5 tasks
danymarques opened this issue Jun 28, 2022 · 1 comment
Labels
bug Indicates an unexpected problem or unintended behavior

Comments

@danymarques

Software versions

  • OS: MacOS Monterey 12.4
  • Consumer Pact library: @pact-foundation/pact@9.18.0
  • Node Version: v14.19.0

Issue Checklist

Please confirm the following:

  • I have upgraded to the latest
  • I have read the FAQs in the Readme
  • I have triple checked that there are no unhandled promises in my code and have read the section on intermittent test failures
  • I have set my log level to debug and attached a log file showing the complete request/response cycle
  • For bonus points and virtual high fives, I have created a reproducible git repository (see below) to illustrate the problem

Expected behaviour

A green vulnerability scan.

Actual behaviour

Our vulnerability scanning is failing because of ramda. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42581

It would be nice if you could merge this PR: #879 and release a new version as all our pipelines are red now :-(

@danymarques danymarques added the bug Indicates an unexpected problem or unintended behavior label Jun 28, 2022
@mefellows
Member

Fixed in 5005463.
