Vulnerable dependency
Bug Report
Description
If a yarn or npm audit is part of the CI/CD, builds will fail. Raising the issue here because there has been no action on the issue in the library.
- What did you do? npm audit or yarn audit
- What happened? serverless fails because of this https://www.npmjs.com/advisories/1217
- What should’ve happened? serverless passes
- What’s the content of your serverless.yml file? N/A
- What’s the output you get when you use the SLS_DEBUG=* environment variable (e.g. SLS_DEBUG=* serverless deploy) N/A
Similar or dependent issues:
Issue Analytics
- State:
- Created 4 years ago
- Reactions: 28
- Comments: 21 (14 by maintainers)
It’s great to hear that! With next release (coming today or on Monday latest) we’ll have those dependencies bumped.
The latest versions of both decompress and download should resolve this issue. The NPM advisory has been updated as well: https://www.npmjs.com/advisories/1217