Closed joshuanapoli closed 1 month ago
Since the @aws-sdk package versions are tightly pinned, it brings the vulnerability CVE-2024-41818 to all projects that depend on jest-dynamodb.
I think that merging https://github.com/shelfio/jest-dynamodb/pull/215 would solve the problem.
Or we could loosen the version spec. This would also have the benefit to users of jest-dynamodb of not necessarily ending up with multiple versions of the SDK.
Thank you for releasing v3.5.0! It solves the transitive dependency ReDOS vulnerability alert.