Skip to content

vulnerable TaffyDB dependency #251

New issue
New issue
Closed
Closed
vulnerable TaffyDB dependency#251
Assignees
alexander-fenster
Labels
priority: p2Moderately-important priority. Fix may not be included in next release.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.
@robertIsaac

Description

@robertIsaac
robertIsaac
opened on Feb 4, 2023

TaffyDB is vulnerable with high Severity
this comes as indirect dependency of yours (google-gax -> protobufjs-cli -> jsdoc -> TaffyDB)
right now jsdoc has released a version without TaffyDB, and protobufjs-cli has released a new version 1.1.0 to update their jsdoc version to fix it
but google-gax is locked to version 1.0.2 of protobufjs-cli
so you need to update to version 1.1.0 of protobufjs-cli to fix this

Metadata

Metadata

Assignees

Labels

priority: p2Moderately-important priority. Fix may not be included in next release.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions