lens: fixes all trivy detectable CVEs by upgrading vitest

openzipkin / zipkin

Zipkin is a distributed tracing system

https://zipkin.io/

Apache License 2.0

17.02k stars 3.09k forks source link

lens: fixes all trivy detectable CVEs by upgrading vitest #3728

Closed codefromthecrypt closed 9 months ago

codefromthecrypt commented 9 months ago

By upgrading vitest and running npm install, trivy no longer detects any CVEs.

$ trivy repo . --scanners vuln
2024-02-16T10:32:11.536+0800    INFO    Vulnerability scanning is enabled
2024-02-16T10:32:18.009+0800    INFO    Number of language-specific files: 19
2024-02-16T10:32:18.009+0800    INFO    Detecting pom vulnerabilities...
2024-02-16T10:32:18.024+0800    INFO    Detecting npm vulnerabilities...

Thanks @SamTV12345 for updating us to vite, which now gets us off people's radar!

codefromthecrypt commented 9 months ago

actually I also ran npm audit fix after npm install... I should have mentioned that.