Skip to content

/prometheus

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prometheus third-party javascript is stale and vulnerable #4563

Closed
nim-nim opened this Issue Aug 29, 2018 · 1 comment

Comments

Assignees
No one assigned
Labels
component/ui help wanted
Projects
None yet
Milestone
No milestone
2 participants
@nim-nim @simonpasquier
@nim-nim
Copy link

nim-nim commented Aug 29, 2018

For example

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18214

(prometheus bundles 2.16.0)

The javascript vendoring needs a refresh, and probably a switch to a build process that uses npm or yarn (like grafana)

@simonpasquier simonpasquier added component/ui help wanted labels Aug 29, 2018

@noqcks noqcks referenced this issue Sep 29, 2018

Merged

Update moment.js and moment-timezone.js #4679

@brian-brazil brian-brazil closed this in #4679 Oct 10, 2018

@nim-nim

This comment has been minimized.

Sign in to view
Copy link
Author

nim-nim commented Oct 10, 2018

Thanks a lot !

@lock lock bot locked and limited conversation to collaborators Apr 8, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.