purple4reina
commented
1 month ago Hi @luneo7, thanks for reaching out. We currently have a github action set up to run nightly to check for vulnerabilities using a variety of tools, yet we haven't seen any of these show up on the current version of the extension.
In order to investigate, can you please share with us which CVE analysis tool you are using, how you're calling it, and the version of the extension you are analysing? The most recent version of the extension is v65.
Our CVE analysis tools is throwing a bunch of warnings for CVEs coming from the DD Lambda Extension Layer:
Can you guys update the dependencies to handle those?