Closed RayceeM closed 1 year ago
Because of a security vulnerability issue on fast-xml-parser package that was fixed on their latest version 4.2.4, an upgrade of @aws-sdk/client-lambda dependency will be highly appreciated to fix the vulnerability for projects using serverless-offline
fast-xml-parser
4.2.4
@aws-sdk/client-lambda
serverless-offline
Current Behavior
The current serverless-offline npm package has an outdated@aws-sdk/client-lambda which is missing a security fix applied on fast-xml-parser
Expected behavior/code
The new serverless-offline npm package will have updated @aws-sdk/client-lambda that will contain the security fix on fast-xml-parser
Environment
serverless
node.js
OS
Possible Solution upgrade @aws-sdk/client-lambda to the latest stable version and create a new serverless-offline release
Any update on this ? Some of our pipelines got stall because of this
I've created the PR #1717 to fix the failing tests.
Bug Report
Because of a security vulnerability issue on
fast-xml-parser
package that was fixed on their latest version4.2.4
, an upgrade of@aws-sdk/client-lambda
dependency will be highly appreciated to fix the vulnerability for projects usingserverless-offline
Current Behavior
The current
serverless-offline
npm package has an outdated@aws-sdk/client-lambda
which is missing a security fix applied onfast-xml-parser
Expected behavior/code
The new
serverless-offline
npm package will have updated@aws-sdk/client-lambda
that will contain the security fix onfast-xml-parser
Environment
serverless
version: 3.27.0serverless-offline
version: 12.0.4node.js
version: 16.17.0OS
: macOS Ventura 13.4Possible Solution upgrade
@aws-sdk/client-lambda
to the latest stable version and create a newserverless-offline
release