carbon-design-system / ibm-products

A Carbon-powered React component library for IBM Products
https://ibm-products.carbondesignsystem.com
Apache License 2.0

PSIRT vulnerability for glob-parent CVE-2021-35065 - v0.x #2099

Closed joshualiu closed 2 years ago

joshualiu commented 2 years ago

What package(s) are you using?

Detailed description

Describe in detail the issue you're having.

PSIRT vulnerability issue CVE-2021-35065 for glob-parent@5.1.2, found in @carbon/ibm-cloud-cognitive@0.x

What did you expect to happen? What happened instead? What would you like to see changed?

Updating the dependency @carbon/telemetry to @^0.1.0

What version of the @carbon/ibm-products (or @carbon/ibm-cloud-cognitive) package are you using?

0.65.0; we tried updating to 0.99.1

Additional information

https://exchange.xforce.ibmcloud.com/vulnerabilities/208298

matthewgallo commented 2 years ago

Hey @joshualiu, this appears to be already fixed in newer versions (specifically @carbon/telemetry was upgraded to 0.1.0 in @carbon/ibm-products@1.12.0).

Let us know if there is more we can do to help!