-
Notifications
You must be signed in to change notification settings - Fork 673
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please update version of serialize-javascript in use by image dependencies #4008
Comments
Once mochajs/mocha#5109 is fixed then we can get that fix internally. This dependency shouldn't be present or used in production systems and is only used during tests. Can you verify that this package isn't present in your container? |
You actually raised a good question. I need to check something in the container. THis may not be for you to resolve. I will revert back shortly Russell |
Closing this story, the issue is actually originating from a repo i push into my docker container, not your image. Apologies. |
Describe the bug
The browserless container has
mocha
as a dependecy.Mocha
depends onserialize-javascript
version6.0.0
. There is a new version ofserialize-javascript
that addresses a vulnerability that appeared in our AWS container registry.https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607
To Reproduce
Steps to reproduce the behavior:
npm ls serialize-javascript
Expected behavior
Can we bump the version of
serialize-javascript
being used by depdencies to6.0.2
Screenshots
The text was updated successfully, but these errors were encountered: