-
The current `public.ecr.aws/lambda/python:3.12` image includes a number of 'high' vulnerabilities as reported by Snyk:
https://security.snyk.io/vuln/SNYK-AMZN2023-LIBNGHTTP2-6729276
https://secu…
-
Snyk has created this PR to upgrade electron-updater from 6.3.2 to 6.3.3.
:infor…
-
It would be useful to have a GitHub Action for parlay, to make it easier to use as part of a pipeline. Speculating around the interface:
```yaml
uses: snyk/parlay/action@v0
with:
input:
en…
-
create a new "test" workflow that will scan the image.
do not fail the deployment yet
-
Hello !!
It has been identified that bcrypt@5.1.1 introduces a missing release of resource after effective lifetime vulnerability via a transitive dependency. The vulnerability is linked to the pac…
-
Hi there, I'm Carwin working at Snyk.
This issue is a discussion topic for tracking some changes to Snyk's feed delivery.
We'd like to change from the current delivery model to one which is more…
-
**Describe the bug**
It appears you are using an archived version of adl4j which has a vulnerability: https://github.com/AzureAD/azure-activedirectory-library-for-java/issues/309
It seems you need t…
-
Please upgrade the jackson dependencies.
Dependencies (13)
Dependency: MAVEN - commons-codec:commons-codec:1.11:jar
Dependency: MAVEN - commons-logging:commons-logging:1.1.3:jar
De…
-
### What happened?
Hi,
IMO this fork of https://github.com/kangax/html-minifier is still vulnerable to CVE-2022-37620 as the regex in the `candidate` variable is still the same.
References :
h…
-
I have the following required packages in go.mod:
`github.com/jackc/pgx/v5 v5.6.0`
`github.com/jmoiron/sqlx v1.3.5`
My code imports:
`"github.com/jmoiron/sqlx"`
`"_ github.com/jackc/pgx/v5/stdl…