Closed ayemelyanenko-chegg closed 6 months ago
Hi. Yes, we don't own this but I'll try to find out who does internally and move this issue to the appropriate place.
Hi, thanks @bizob2828
CVE-2022-29622 was revoked by Snyk, but does still appear in other vulnerability databases as the NVD themselves never revoked their entry.
The contributors over on formidable had a long thread about this vulnerability a couple of years ago. The general opinion over there seems to be that the vulnerability was filed in error. But there was an open question of whether the vulnerability was completely invalid or whether it was valid, but actually at a lower risk level.
For us, I don't see a need to dive any deeper into the issue. Our version of formidable is out of date, and we will update it in an upcoming release of @newrelic/publish-sourcemap—likely it will be version 5.1.2.
Vulnerability resolved in publish-sourcemap@v5.1.2
Description
There is a critical vulnerability for the @newrelic/publish-sourcemap library and it's getting picked up by our security scans and could become a blocker, as the scans could block the ability to deploy. I know that this might not be the right place for the bug report, but I was not able to find the right repository on GitHub in order to file this issue. Perhaps someone can help in reaching the team responsible for maintaining @newrelic/publish-sourcemap?
Expected Behavior
Vulnerability should be patched by updating the formidable dependency to >=3.2.4
Troubleshooting or NR Diag results
Steps to Reproduce
Install @newrelic/publish-sourcemap package and run npm or yarn audit to get the critical violation report
Your Environment
Additional context
https://www.npmjs.com/advisories/1097147
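The check the issue asks for is whether any copy of formidable in the install tree is older than the 3.2.4 fix threshold, including copies nested under another package rather than hoisted to the top level, which is where `npm audit` finds them. The script below is an added example, not code from this issue, from @newrelic/publish-sourcemap or from formidable: it walks the flat `packages` map of a lockfileVersion 2 or 3 package-lock.json and reports every install path of the named dependency that sits below the threshold. The lockfile fragment and the dependency name `some-sourcemap-tool` are constructed for the example; the version pins shown are not those of any real package.

```javascript
// Added example (not project code): find copies of a dependency in an npm
// lockfile that are older than the version a fix landed in.
'use strict';

// Version named in the issue as the threshold for the formidable fix.
const FIXED_IN = '3.2.4';

// Compare two dotted numeric versions (major.minor.patch), ignoring any
// pre-release suffix. Returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Walk the flat "packages" map of a v2/v3 lockfile and return every install
// path of `name` whose version is older than `fixedIn`. Nested copies such as
// node_modules/foo/node_modules/<name> are matched, not only the hoisted one.
function findOutdated(lock, name, fixedIn) {
  const hits = [];
  const suffix = 'node_modules/' + name;
  for (const [installPath, meta] of Object.entries(lock.packages || {})) {
    const isTopLevel = installPath === suffix;
    const isNested = installPath.endsWith('/' + suffix);
    if (!isTopLevel && !isNested) continue;
    if (!meta.version) continue; // links / workspace entries carry no version
    if (compareVersions(meta.version, fixedIn) < 0) {
      hits.push({ path: installPath, version: meta.version });
    }
  }
  return hits;
}

// Constructed lockfile fragment: a fixed copy hoisted to the top level and an
// outdated copy nested under a hypothetical dependency "some-sourcemap-tool".
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '1.0.0' },
    'node_modules/formidable': { version: '3.5.1' },
    'node_modules/some-sourcemap-tool': {
      version: '1.0.0',
      dependencies: { formidable: '^2.0.0' },
    },
    'node_modules/some-sourcemap-tool/node_modules/formidable': { version: '2.1.2' },
  },
};

// Format a report line per outdated copy; empty array means nothing to fix.
function report(hits, name, fixedIn) {
  return hits.map(
    (h) => `${name}@${h.version} at ${h.path} is below fixed version ${fixedIn}`,
  );
}

// When run directly: `node check-lock.js [path/to/package-lock.json]`.
// Falls back to the constructed sample when no path is given.
if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('node:fs');
  const lock = process.argv[2]
    ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_LOCK;
  const lines = report(findOutdated(lock, 'formidable', FIXED_IN), 'formidable', FIXED_IN);
  if (lines.length === 0) {
    console.log('no outdated copies found');
  } else {
    lines.forEach((l) => console.log(l));
    process.exitCode = 1;
  }
}

module.exports = { compareVersions, findOutdated, report, SAMPLE_LOCK, FIXED_IN };
```

Against the sample data the script reports only the nested 2.1.2 copy; the hoisted 3.5.1 copy passes. Pointed at a real lockfile it exits non-zero when any copy is below the threshold, which is the same condition a CI gate on `npm audit` would trip on, but scoped to the one dependency the issue is about.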