DataDog / serverless-plugin-datadog

Serverless plugin to automagically instrument your Lambda functions with Datadog
Apache License 2.0

Dependency on a vulnerable version of simple-git #325

Closed trygve-aaberge-adsk closed 1 year ago

trygve-aaberge-adsk commented 1 year ago

The latest version of serverless-plugin-datadog (5.13.0) transitively depends on a vulnerable version of simple-git via the dependency on @datadog/datadog-ci 1.13.3.

See here for details about the vulnerability: https://github.com/advisories/GHSA-9p95-fxvg-qgq2

Could you please update it?

sfirrin commented 1 year ago

Hi @trygve-aaberge-adsk, thanks for opening this issue.

I've just merged the PR linked above to update our datadog-ci version and released the change in https://github.com/DataDog/serverless-plugin-datadog/releases/tag/v5.14.1

trygve-aaberge-adsk commented 1 year ago

Thanks!