Skip to content
This repository has been archived by the owner on May 5, 2023. It is now read-only.

Critical vulnerability in vm2 dependency #15

Closed
toastyghost opened this issue Feb 10, 2022 · 2 comments
Closed

Critical vulnerability in vm2 dependency #15

toastyghost opened this issue Feb 10, 2022 · 2 comments

Comments

@toastyghost
Copy link

Just got this from Snyk:

vm2-vuln

Fix is straightforward, just update the package and republish
@oguzhand95 oguzhand95 mentioned this issue Feb 15, 2022
Closed
@robdmoore
Copy link

robdmoore commented Feb 17, 2022
edited
Loading

For some reason I'm not able to use npm-force-resolutions to force this dependency to upgrade like I normally would.

This is a deep depedency of (I'm sure many other libraries too) aws-cdk.

Any chance the PR can get merged and released given the criticality of this vulnerability @TooTallNate 🙏?

@robdmoore
Copy link

Thanks @TooTallNate!

basvandorst added a commit to basvandorst/node-degenerator that referenced this issue Apr 11, 2023
@basvandorst
[Security] Bump vm2 to 3.9.15 (TooTallNate#15)
05ddc01
@basvandorst basvandorst mentioned this issue Apr 11, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Upgrade vm2 from 3.9.3 to 3.9.7
[Security] Bump vm2 to 3.9.15 (#15) basvandorst/node-degenerator
2 participants
@toastyghost @robdmoore