Second protobufjs CVE requiring a major version upgrade #311
Labels
impact/security
kind/bug
Some behavior is incorrect or out of spec
resolution/fixed
This issue was fixed
What happened?
When installing this package, you are warned of high severity CVEs.
CVE-2022-25878 was addressed, GHSA-g954-5hwp-pp24
CVE-2023-36665 was not, GHSA-h755-8qp9-cq85
protobufjs/protobuf.js#1741
https://github.com/pulumi/pulumi-policy/blob/master/sdk/nodejs/policy/package.json#L16
Expected Behavior
Witness no CVE warnings when installing the package.
Steps to reproduce
Output of pulumi about
Additional context
Downgrading to 6.9.0 might also fix it.