Closed GlieseRay closed 2 years ago
Good news, tunnel-ssh has just updated its ssh2 dependency to 1.4.0. Can we also have an update here? Thanks!
https://github.com/agebrock/tunnel-ssh/commit/39a4f21a66745aa92d42a065a923e9ced567f7e9
"tunnel-ssh": "^4.0.0" will bring the latest tunnel-ssh in and could fix this issue. So close this one.
Current behavior
The ssh2 version is fixed in tunnel-ssh, which is one of the dependencies of db-migrate. That version of ssh2 (0.5.4) has a security vulnerability reported in https://nvd.nist.gov/vuln/detail/CVE-2020-26301 and also in tunnel-ssh https://github.com/agebrock/tunnel-ssh/issues/88.
It seems tunnel-ssh has not been active for a long time, so just wondering if there is a plan to replace tunnel-ssh or something else. Thanks
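A way to check whether a project still resolves an old ssh2 through tunnel-ssh, as an added example that is not part of the issue or of db-migrate's code. It takes an already parsed `package-lock.json`, covers both the nested v1 and flat v2/v3 lockfile layouts, and assumes the 1.4.0 release mentioned in the thread as the minimum acceptable version; all function names and the sample lockfiles are constructed for illustration.

```javascript
// Added example. Floor = the ssh2 release tunnel-ssh moved to, per the thread.
const FLOOR = [1, 4, 0];

// "x.y.z" -> [x, y, z]; null when the string is not a plain version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Unparseable versions are reported too, so they get a manual look.
function tooOld(version) {
  const v = parseVersion(version);
  if (v === null) return true;
  for (let i = 0; i < 3; i++) if (v[i] !== FLOOR[i]) return v[i] < FLOOR[i];
  return false;
}

// Lockfile v2/v3: flat "packages" map keyed by install path.
function scanPackages(packages) {
  return Object.entries(packages)
    .filter(([p]) => p === "node_modules/ssh2" || p.endsWith("/node_modules/ssh2"))
    .filter(([, meta]) => tooOld(meta.version))
    .map(([p, meta]) => ({ path: p, version: meta.version }));
}

// Lockfile v1: nested "dependencies" tree; the trail shows who pulls ssh2 in.
function scanTree(deps, trail = []) {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const here = [...trail, name];
    if (name === "ssh2" && tooOld(meta.version)) {
      hits.push({ path: here.join(" > "), version: meta.version });
    }
    hits.push(...scanTree(meta.dependencies, here));
  }
  return hits;
}

function findOldSsh2(lock) {
  return lock.packages ? scanPackages(lock.packages) : scanTree(lock.dependencies);
}

// Constructed sample lockfiles (not taken from db-migrate).
const sampleV3 = { lockfileVersion: 3, packages: {
  "node_modules/ssh2": { version: "1.4.0" },
  "node_modules/tunnel-ssh/node_modules/ssh2": { version: "0.5.4" } } };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "tunnel-ssh": { version: "0.0.0-sample", dependencies: { ssh2: { version: "0.5.4" } } } } };

console.log(findOldSsh2(sampleV3), findOldSsh2(sampleV1));
```

In a real project, pass the result of `JSON.parse` on the lockfile to `findOldSsh2` and fail the build when the returned list is non-empty.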