hubotio / hubot-redis-brain

A hubot script to persist hubot's brain using redis

Tag 1.0.0 uses vulnerable Redis version #44

Closed nwbreneman closed 1 year ago

nwbreneman commented 1 year ago

Tag 1.0.0 here and in the npm repository depends on Redis version ^2.7.1. There is a high severity vulnerability in Redis versions 2.6.0 - 3.1.0 (https://github.com/advisories/GHSA-35q2-47q7-3pc3). I see commit 2ab8963 bumped the Redis dependency version but was not tagged for release; could we tag that to resolve security alerts?
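The range comparison behind this report, as an added example that is not part of the original issue or the project's code: it expands an npm caret range and checks it against the affected range quoted above. Treating both bounds of 2.6.0 - 3.1.0 as inclusive and ignoring prerelease tags are assumptions, the function names are hypothetical, and the ranges other than ^2.7.1 are constructed samples.

```javascript
// Parse "MAJOR.MINOR.PATCH" into a numeric triple (prerelease tags not handled).
const parse = (v) => v.split('.').map(Number);

// Compare two version triples: negative, zero or positive.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Expand an npm caret range into [low inclusive, high exclusive).
// ^1.2.3 -> <2.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4
function caretBounds(range) {
  const low = parse(range.replace(/^\^/, ''));
  let high;
  if (low[0] > 0) high = [low[0] + 1, 0, 0];
  else if (low[1] > 0) high = [0, low[1] + 1, 0];
  else high = [0, 0, low[2] + 1];
  return { low, high };
}

// Classify a caret range against an affected range with inclusive bounds.
function classify(range, affectedLow, affectedHigh) {
  const { low, high } = caretBounds(range);
  const aLow = parse(affectedLow);
  const aHigh = parse(affectedHigh);
  // No overlap: the range ends at or below aLow, or starts above aHigh.
  if (cmp(high, aLow) <= 0 || cmp(low, aHigh) > 0) return 'unaffected';
  // First version after the affected range; the caret range is fully
  // contained when its exclusive upper bound does not pass this point.
  const afterHigh = [aHigh[0], aHigh[1], aHigh[2] + 1];
  if (cmp(low, aLow) >= 0 && cmp(high, afterHigh) <= 0) return 'always-affected';
  // Some resolvable versions are affected; the lockfile decides which one is installed.
  return 'may-be-affected';
}

// Affected range as quoted in the issue; the ranges after ^2.7.1 are constructed.
for (const r of ['^2.7.1', '^3.0.0', '^3.1.1']) {
  console.log(r, classify(r, '2.6.0', '3.1.0'));
}
```

Because every version that ^2.7.1 can resolve to lies inside the affected range, no reinstall or lockfile refresh clears the alert; only a release carrying a bumped dependency range does.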

scarolan commented 1 year ago

Yes please. We have the same security alert with our hubot.

YulianaPoliakova commented 1 year ago

We have the same issue with our hubot.

joeyguerra commented 1 year ago

Check out the latest version. It's been updated.