closeio / sync-engine

GNU Affero General Public License v3.0

Upgrade Redis library to 4.4.4 #481

Closed nsaje closed 7 months ago

nsaje commented 1 year ago

https://github.com/closeio/sync-engine/security/dependabot/18

kevinschumacher commented 8 months ago

Dependabot security issue is no longer there (withdrawn? not sure) but sync-engine uses 2.10.6

Not sure if that impacts prioritization, @nsaje?

nsaje commented 8 months ago

It doesn't, we should still do this. It's not there because we ignored the alert in Vanta and created this issue to track the upgrade.

It was initially postponed because sync-engine was still using Redis v3 or something and we had to upgrade it to v7 first before upgrading this lib.