microsoft / PowerBI-visuals-tools

Contains tools for building/packaging Power BI visuals
https://www.powerbi.com
MIT License

async dependency in powerbi-visuals-tools 4.0.4 #415

Closed FoXTiSiTY closed 1 year ago

FoXTiSiTY commented 2 years ago

Hi,

I'm picking up 2 high vulnerabilities within the powerbi-visuals-tools@4.0.4 dependency that relate to the async@3.2.0 dependency. This has been fixed in >= async@3.2.2.

Can this please be fixed?


spreusler commented 2 years ago

This is also a problem for us.

In particular, it affects the certification process. Without a fix, we cannot submit our visualization and receive a rejection:

"The npm audit command returns moderate or high level warnings. Please update the visual and re-submit your offer."

DominikGa commented 2 years ago

Same here.

FoXTiSiTY commented 2 years ago

@spreusler Yeah, we are busy with the certification process and also can't submit with this problem.

Demonkratiy commented 2 years ago

Sorry for the delay, colleagues. We will publish a new fix version very shortly. But just for information about the certification process, to save your time in the future: if there are any npm audit issues in the latest available powerbi-visuals-tools, it is not your fault, and you may proceed with the certification process and submit your visual. The certification team should pass this moment. And to be 100% sure, you can also add a comment to the "Notes for Certification" and write a message to pbicvsupport@microsoft.com describing the situation, so they will not miss that moment.

spreusler commented 2 years ago

Thank you @Demonkratiy! Saw your pull request.