-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
High Risk Security Issue Reported by Snyk #7358
Comments
@maya-jonlarracas Thanks for posting! We'll take a look as soon as possible. In the mean time, there are a few ways you can help speed things along:
Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly. For help with questions about Sails, click here. |
Is cross-spawn library still being used? I noticed that it is an unused dependency. |
@maya-jonlarracas Thanks for reporting this. We'll publish an update for |
its all against code of conduct and and wrongly used |
Node version: v20.10.0
Sails version (sails): 1.5.13
ORM hook version (sails-hook-orm): N/A
Sockets hook version (sails-hook-sockets): N/A
Organics hook version (sails-hook-organics): N/A
Grunt hook version (sails-hook-grunt): N/A
Uploads hook version (sails-hook-uploads): N/A
DB adapter & version (e.g. sails-mysql@5.55.5): N/A
Skipper adapter & version (e.g. skipper-s3@5.55.5): N/A
The dependency of
sails-generate
,cross-spawn 4.0.2
has a High Vulnerability in Snyk which is fixed in 7.0.5.We are using the latest version sails 1.5.13 and detected the issue after scanning with Snyk.
Summary of the vulnerability can be found here:
https://security.snyk.io/package/npm/cross-spawn
The text was updated successfully, but these errors were encountered: