Closed iDVB closed 5 years ago
Isn't this module only actually used when bundled for a browser? Dynogels is not designed to run in a browser -- you're typically not performing database operations from the frontend.
@cdhowie you're likely correct. However, that dep currently and validly fires off read flags for Snyk.io and the version of aws-sdk
that dynogels
currently uses could simply be updated to even just v2.178.0
(not latest) and would still correct the issue.
Shouldn't aws-sdk
be a peer dependency anyway? Or since the version differences are only minor
aren't the chances high that this would be an non-breaking change to dynogels
?
Closing this as a duplicate of #148, which has a subtask of updating dependencies to satisfy bitHound (which checks for vulnerabilities).
Apparently
aws-sdk
<2.178.0
has a potential vulnerability that is now fixed in>=2.178.0
.https://snyk.io/test/npm/dynogels/8.0.1?severity=high&severity=medium&severity=low