search

microsoft / botbuilder-js

Welcome to the Bot Framework SDK for JavaScript repository, which is the home for the libraries and packages that enable developers to build sophisticated bot applications using JavaScript.
https://github.com/Microsoft/botframework
MIT License
680 stars 276 forks source link

botframework-connector 4.23.0 uses a vulnerable version of semver #4754

Closed guy-microsoft closed 3 weeks ago

guy-microsoft commented 3 weeks ago

botframework-connector 4.23.0 -> browserify-fs 1.0.0 -> levelup 0.18.6 -> semver ~2.3.1 and bl ~0.8.1.

This needs to be addressed asap.

tracyboehrer commented 3 weeks ago

Included in next patch. Closing since policy requires us to not advertise vulnerabilities. We get notifications automatically from our builds.