charoitel / lambda-layer-canvas-nodejs

Cairo backed Mozilla Web Canvas API implementation layer for AWS Lambda
https://serverlessrepo.aws.amazon.com/applications/arn:aws:serverlessrepo:us-east-1:990551184979:applications~lambda-layer-canvas-nodejs
MIT License

package semver security issue #18

Closed chip-astg closed 1 year ago

chip-astg commented 1 year ago

Amazon Inspector found a security issue with the current version of lambda-layer-canvas-nodejs

In package semver, version 6.3.0 has a Severity High vulnerability. The vulnerability is resolved in version 7.5.2.

https://nvd.nist.gov/vuln/detail/CVE-2022-25883

Note that no other vulnerabilities were identified.

charoitel commented 1 year ago

@chip-astg, please update your canvas layer by deploying the latest version through AWS Serverless Application Repository, or creating a new version of your deployment by uploading the latest version from Releases. Thank you.

chip-astg commented 1 year ago

I deployed it a few days ago. It is the latest version, canvas@2.11.2.

I downloaded the layer as a zip. package-lock.json contains semver 6.0.0 and 6.3.0 in addition to 7.5.3. Perhaps Amazon Inspector is finding those?

charoitel commented 1 year ago

I will do some more rounds of work here and target a fix for the next release. Thank you~

charoitel commented 1 year ago

A new maintenance release is available through AWS Serverless Application Repository. I have tested it in my Lambda with Amazon Inspector and haven't found any issue so far. Please deploy and try again. Thank you.