search

aws / aws-sdk-js

AWS SDK for JavaScript in the browser and Node.js
https://aws.amazon.com/developer/language/javascript/
Apache License 2.0
7.59k stars 1.55k forks source link

update dependencies #4392

Closed yogeshhrathod closed 1 year ago

yogeshhrathod commented 1 year ago

Describe the bug

There are many dependencies in the library have deprecated or vulnerabilities which has been fixed but not updated, can we update the those libraries for security reasons.

Expected Behavior

NA

Current Behavior

NA

Reproduction Steps

NA

Possible Solution

No response

Additional Information/Context

No response

SDK version used

2.1354.0

Environment details (OS name and version, etc.)

windows

d2vid commented 1 year ago

At least v2.1357.0 bumps the xml2js version and fixes that vulnerability: https://github.com/aws/aws-sdk-js/commit/62847a45ae58deace88e58f75dfc09e0ae1c0b75

Here's the vulnerability: https://github.com/advisories/GHSA-776f-qx25-q3cc

RanVaknin commented 1 year ago

Hi @d2vid ,

As of version 2.1357.0 the xml2js vulnerability has been taken care of. Thanks for pointing that out.

@yogeshhrathod, Can you please be more specific about which libraries in particular need updating?

Thanks so much, Ran~

github-actions[bot] commented 1 year ago

This issue has not received a response in 1 week. If you still think there is a problem, please leave a comment to avoid the issue from automatically closing.