fix(cactus-example-supply-chain-app): mitigate CVE-2022-24434 and CVE-2022-24999 #2242
Conversation
Hello @petermetz, most of the vulnerabilities are now fixed in cactus-example-supply-chain-app, but there are still some that are not yet fixed, as you can see here. The only vulnerability (CVE-2022-2421) is still a vulnerability because the latest version of the package that is being used is still the affected version. The changes committed on this PR will fix 3 out of the 4 remaining vulnerabilities (CVE-2022-24434, CVE-2022-24999, and CVE-2022-24999) once the changes are applied, the new version is released, and the packages are updated, just like the v1.1 release.
LGTM
@aldousalvarez LGTM, thank you!
@aldousalvarez Sorry, my bad, I do need to ask that you put CVE IDs in the commit subject so that it's unique across the commit log. Other than that, we are good to go.
✅ There are no secrets present in this pull request anymore. If these secrets were true positives and are still valid, we highly recommend you to revoke them. 🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Hello @petermetz, I also updated the commit subject and PR title as per your requested changes on this one. Thank you.
@aldousalvarez Great, thank you for the updates, LGTM!
…-2022-24999

Fixes hyperledger-cacti#2041

These changes will fix the following vulnerabilities with their CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Fixes #2041
Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>