Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Security vulnerability [moderate] in `hosted-git-info`
See original GitHub issueExpected Behaviour
No security vulnerability related to Elastic APM.
Current Behaviour
I’m seeing a moderate security vulnerability being flagged from hosted-git-info which is a dependency of read-pkg-up.
Additional info:
moderate │ Regular Expression Denial of Service
Package │ hosted-git-info
Patched in │ >=2.8.9 <3.0.0 || >=3.0.8
Path | elastic-apm-node > read-pkg-up > read-pkg > normalize-package-data > hosted-git-info
Possible Solution
Patch hosted-git-info dependency or a dependency further upstream.
Steps to Reproduce
npm audit or yarn audit.
Context
Your Environment
| Executable | Version |
|---|---|
elastic-apm-node --version |
3.12.1 |
npm --version |
6.14.11 |
yarn --version |
1.22.10 |
node --version |
12.x |
| OS | Version | | MacOS | Catalina |
Issue Analytics
- State:
- Created 2 years ago
- Comments:9 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
All good, this is definitely coming from an earlier version in our lock file. Closing this, cheers!
(Note this is the same as https://github.com/elastic/apm-agent-nodejs/pull/2098 that was recently opened – and closed by me.)