This repository has been archived by the owner on May 5, 2023. It is now read-only.

Update vm2 to >=3.9.17 due to CVE-2023-30547 #26

Closed
nephridium opened this issue Apr 20, 2023 · 1 comment


nephridium commented Apr 20, 2023

GitHub reported a critical vulnerability, https://nvd.nist.gov/vuln/detail/CVE-2023-30547, for vm2 versions < 3.9.17.

Current version for this lib is

/vm2/3.9.14:

There is already a PR for another vulnerability (#21), which bumps the version to 3.9.16, maybe bump it to 3.9.17 to fix this issue as well?

@nephridium nephridium changed the title Update vm2 to >=3.9.17 due to https://nvd.nist.gov/vuln/detail/CVE-2023-30547 Update vm2 to >=3.9.17 due to CVE-2023-30547 Apr 20, 2023

shajz commented Apr 21, 2023

ping @TooTallNate (this package is a sub-sub-sub-(...)-sub dependency of datadog-ci)
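
A check for the situation raised in this thread, where vm2 arrives as a deep transitive dependency: scan a lockfile for vm2 entries resolved below 3.9.17. This is an added example, not code from this repository or its maintainers; the function names, the sample lockfile and the acceptance of `@` as a key separator are assumptions.

```javascript
// Added example: flag lockfile entries that resolve vm2 below the fixed release.
const FIXED = [3, 9, 17]; // release the issue asks for because of CVE-2023-30547

// Matches resolution keys such as "/vm2/3.9.14:" (the form quoted in the issue).
// Accepting "@" as the separator is an assumption about other lockfile versions.
const KEY = /^\s*['"]?\/vm2[\/@](\d+)\.(\d+)\.(\d+)([^:'"]*)['"]?:/;

// True when version is strictly lower than floor (both are [major, minor, patch]).
function isBelow(version, floor) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== floor[i]) return version[i] < floor[i];
  }
  return false; // equal to the floor is acceptable
}

// Returns [{ line, version }] for every vm2 key below the floor.
function findOldVm2(lockText, floor = FIXED) {
  const hits = [];
  lockText.split(/\r?\n/).forEach((text, idx) => {
    const m = KEY.exec(text);
    if (!m) return;
    const version = [Number(m[1]), Number(m[2]), Number(m[3])];
    // A pre-release of the floor (e.g. 3.9.17-rc.1) sorts below the release.
    const preOfFloor =
      m[4].startsWith("-") && version.join(".") === floor.join(".");
    if (isBelow(version, floor) || preOfFloor) {
      hits.push({ line: idx + 1, version: version.join(".") + m[4] });
    }
  });
  return hits;
}

// Constructed sample, not taken from the repository's real lockfile.
const SAMPLE_LOCK = [
  "packages:",
  "  /vm2/3.9.14:",
  "    resolution: {integrity: sha512-PLACEHOLDER}",
  "  /vm2/3.9.17:",
  "    resolution: {integrity: sha512-PLACEHOLDER}",
  "  /vm2-helper/1.0.0:", // different package, must not match
  "  /vm2@3.9.16:",
].join("\n");

console.log(findOldVm2(SAMPLE_LOCK));
```

A non-empty result means some dependency path still resolves an old vm2, even when the top-level manifest never names it.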
