aws / aws-lambda-base-images

Apache License 2.0

Update AWS SDK and Python version for LAMBDA/NodeJS due to security vulnerabilities #103

Open jineshjin opened 1 year ago

jineshjin commented 1 year ago

Current AWS SDK in nodejs18.x is 3.188.0; latest released version is 3.359.0.

Current Python version is 2.7.x but should use latest 3.x.x.

Current vulnerabilities of NodeJS18.x

image

jineshjin commented 1 year ago

@aws-lambda-runtimes @krk @carlzogh

jineshjin commented 1 year ago

Reference: https://docs.aws.amazon.com/lambda/latest/dg/lambda-typescript.html#typescript-dev:~:text=nodejs18.x-,3.188.0,-Amazon%20Linux%202

Why is it still referencing the older SDK version?

guidobit commented 10 months ago

Lambda keeps each managed runtime up to date with security updates, bug fixes, new features, performance enhancements, and support for minor version releases. https://docs.aws.amazon.com/lambda/latest/dg/runtimes-update.html

Feel like AWS should both update this issue with an answer and the runtime dependencies.