RetireJS / retire.js

Scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
https://retirejs.github.io/retire.js/

Update next.js vuln: added required 'info' attribute #424

Closed bbossola closed 11 months ago

bbossola commented 11 months ago

Commit 0a61d8bbb7483e972c4bb07f4cdd3e0963f452d8 ("Update next.js vuln") creates a new vulnerability entry where the "info" field is missing. This is causing downstream issues as this field is requested by some libraries using the feed. This commit adds the missing field with the correct value.

bbossola commented 11 months ago

@eoftedal please have a look

sgriffith3 commented 11 months ago

Also noticed this issue. It is causing our Jenkins build pipeline to break for a good bit of our code.

bbossola commented 11 months ago

Well, let's hope the PR is merged soon. I did temporarily point the repo to my fork to bypass the issue.

mariokorte commented 11 months ago

I hope this gets merged soon, otherwise I will have to edit our build pipeline...

eoftedal commented 11 months ago

Thanks for submitting this, @bbossola. Even though this field is not actually required for retire.js, I see that this is causing downstream issues. I have added a check for it in the repository validation script as well, to catch these in the future.
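
A check of the kind discussed in this thread, as an added example that is neither the retire.js validation script nor code from any participant: it reports vulnerability entries whose "info" field is missing or unusable, and shows a consumer-side guard that tolerates such entries. Only the "info" field is named on this page; the surrounding layout (library, `vulnerabilities` array, `below`) and the sample data are assumptions constructed for illustration.

```javascript
// Added example. Assumed layout: { library: { vulnerabilities: [ { below, info: [urls] } ] } }
function findMissingInfo(repo) {
  const problems = [];
  for (const [library, entry] of Object.entries(repo)) {
    const vulns = entry && entry.vulnerabilities;
    if (!Array.isArray(vulns)) continue; // libraries without a vulnerability list are skipped
    vulns.forEach((vuln, index) => {
      const info = vuln && typeof vuln === 'object' ? vuln.info : undefined;
      let reason = null;
      if (info === undefined) reason = 'missing';
      else if (!Array.isArray(info)) reason = 'not an array';
      else if (info.length === 0) reason = 'empty';
      else if (!info.every((u) => typeof u === 'string' && u.trim() !== '')) reason = 'blank or non-string item';
      if (reason) problems.push({ library, index, reason });
    });
  }
  return problems;
}

// Consumer-side guard: return a copy in which "info" is always an array, so code
// that iterates over it does not fail when an upstream entry omits the field.
function normalizeInfo(repo) {
  const copy = JSON.parse(JSON.stringify(repo));
  for (const entry of Object.values(copy)) {
    for (const vuln of (entry && entry.vulnerabilities) || []) {
      if (Array.isArray(vuln.info)) continue;
      vuln.info = typeof vuln.info === 'string' ? [vuln.info] : [];
    }
  }
  return copy;
}

// Constructed sample data (placeholder libraries, versions and URLs)
const sampleRepo = {
  'example-lib': {
    vulnerabilities: [
      { below: '1.2.3', info: ['https://example.com/advisory/PLACEHOLDER-1'] },
      { below: '1.4.0' },            // "info" omitted, as in the entry this PR fixes
      { below: '2.0.0', info: [] },  // present but empty
    ],
  },
  'other-lib': { vulnerabilities: [{ below: '0.9.0', info: 'https://example.com/x' }] },
  'no-vulns': { extractors: {} },
};

for (const p of findMissingInfo(sampleRepo)) {
  console.log(`${p.library}[${p.index}]: info ${p.reason}`);
}
```

Running the first function as a gate before a feed is published catches the entry at the source; the second is for consumers that cannot control when an upstream fix lands.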