I have a Dependabot alert in a repo which uses Dynamoose:
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
The latest possible version that can be installed is 4.1.2 because of the following conflicting dependency: [email protected] requires [email protected] via a transitive dependency on @aws-sdk/[email protected]
The earliest fixed version is 4.2.4.
I noted this PR opened by Dependabot here in the Dynamoose repo: #1610 - this would solve the issue. Given that the alert above is classified as "High Severity", is there a timeline for this to be released?
Summary:
About a week ago, I followed these steps https://github.com/dynamoose/dynamoose/security/policy but got no reply, so I'm raising this as a feature request here.
Code sample:
Schema
Model
General
Environment:
Operating System: // N/A
Operating System Version: // N/A
Node.js version (node -v): 16.19.1
NPM version: (npm -v): 6.14.13
Dynamoose version: 3.2.0
Other information (if applicable):
Other: