Closed micchickenburger closed 1 year ago
Dependabot created a PR for this: https://github.com/lazywithclass/winston-cloudwatch/pull/216
# npm audit report vm2 * Severity: critical vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-cchq-frgv-rjh5 vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-g644-9gfx-q4q4 fix available via `npm audit fix --force` Will install winston-cloudwatch@3.0.2, which is a breaking change node_modules/vm2 degenerator >=3.0.0 Depends on vulnerable versions of vm2 node_modules/degenerator pac-resolver >=5.0.0 Depends on vulnerable versions of degenerator node_modules/pac-resolver pac-proxy-agent >=5.0.0 Depends on vulnerable versions of pac-resolver node_modules/pac-proxy-agent proxy-agent >=5.0.0 Depends on vulnerable versions of pac-proxy-agent node_modules/proxy-agent winston-cloudwatch >=3.1.0 Depends on vulnerable versions of proxy-agent node_modules/winston-cloudwatch
When will this be merged we are anxiously waiting for this fix...
Dependabot created a PR for this: https://github.com/lazywithclass/winston-cloudwatch/pull/216