Bump up grpc-node to 1.6.7 to fix CVE-2022-25878 #85
What is this version bump up about?
Our international business monitoring uses skywalking-nodejs, the security scanning tool aquasec reports high-risk vulnerabilities, and dependencies need to be upgraded.
Two things
Please run `npm i && npm run build`, and then include the package-lock.json into the codebase
ok
package-lock.json
Outdated
"resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.6.7.tgz", | ||
"integrity": "sha512-QzTPIyJxU0u+r2qGe8VMl3j/W2ryhEvBv7hc42OjYfthSj370fUrb7na65rG6w3YLZS/fb8p89iTBobfWGDgdw==", | ||
"version": "0.6.13", | ||
"resolved": "https://npm.zatech.online/@grpc%2fproto-loader/-/proto-loader-0.6.13.tgz", |
I think you set a proxy? This should be changed.
OK, I update it
protobufjs/protobuf.js#1728