fix: remove archive:generate command to address vulnerabilities #535

derevnjuk
Member

Removes the archive:generate command and its associated dependencies (request, request-promise, and capture-har) to fix security vulnerabilities CVE-2023-28155 and CVE-2023-26136.

derevnjuk added the "Type: bug" and "Type: dependencies" labels Apr 17, 2024
derevnjuk self-assigned this Apr 17, 2024
Removes the `archive:generate` command and its associated dependencies (`request`, `request-promise`, and `capture-har`) to fix security vulnerabilities CVE-2023-28155 and CVE-2023-26136.
derevnjuk force-pushed the fix/remove-`archivegenerate`-command-to-address-vulnerabilities branch from de23d37 to e7f637e April 17, 2024 11:34
derevnjuk marked this pull request as ready for review April 17, 2024 11:36
derevnjuk merged commit 97f9efd into next Apr 17, 2024
4 checks passed
derevnjuk deleted the fix/remove-`archivegenerate`-command-to-address-vulnerabilities branch April 17, 2024 11:37
derevnjuk added a commit that referenced this pull request Apr 17, 2024
BREAKING CHANGE: the `archive:generate` command and its associated dependencies
(`request`, `request-promise`, and `capture-har`) have been removed to fix security
vulnerabilities [CVE-2023-28155](GHSA-p8p7-x288-28g6) and [CVE-2023-26136](GHSA-72xf-g2v4-qvf3).