xmlking closed 3 months ago
Hi, thanks for the contribution, this and other updates were covered in our monthly scheduled though:
https://github.com/nhost/hasura-auth/pull/493
Otherwise let us know. Thanks!
@dbarrosop I scanned 0.28.0.
Looks like we also need to lock execa: "execa@<=0.10.0": ">=2.0.0",
Currently it is showing critical GMS-2020-2.
I suspect it is a false positive but if you want to open a PR to make your scanner happy be my guest:
$ pnpm audit
No known vulnerabilities found
Keep in mind that dependency is only used during tests.
Good to know, it is only used for tests.
Found it when I scanned the Docker image with docker scout cves nhost/hasura-auth:0.28.0
It would be just peace of mind and easy to convince managers to approve :)
I will PR "execa@<=0.10.0": ">=2.0.0",
if you don't mind.
Thanks
Before submitting this PR: update 3 dependencies to fix CVE alerts
Checklist
Breaking changes
Avoid breaking changes and regressions. If you feel it is unavoidable, make it explicit in your PR comment so we can review it and see how to handle it.
Tests
make test or the make watch command).
Documentation
Please make sure the documentation is updated accordingly, in particular: