Bump up grpc-node to 1.6.7 to fix CVE-2022-25878 #85
What is this version bump up about?
Our international business monitoring uses skywalking-nodejs, the security scanning tool aquasec reports high-risk vulnerabilities, and dependencies need to be upgraded.
Two things
Please run npm i && npm run build, and then include the package-lock.json into the codebase
ok
package-lock.json
"resolved": "https://registry.npmjs.org/@grpc/proto-loader/-/proto-loader-0.6.7.tgz", | ||
"integrity": "sha512-QzTPIyJxU0u+r2qGe8VMl3j/W2ryhEvBv7hc42OjYfthSj370fUrb7na65rG6w3YLZS/fb8p89iTBobfWGDgdw==", | ||
"version": "0.6.13", | ||
"resolved": "https://npm.zatech.online/@grpc%2fproto-loader/-/proto-loader-0.6.13.tgz", |
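Review bot: The new "resolved" URL for @grpc/proto-loader 0.6.13 points at https://npm.zatech.online/ where the entry it replaces used https://registry.npmjs.org/. A lockfile committed with a mirror host makes every install, including CI and other contributors' machines, fetch the tarball from that host, which they may not be able to reach and have no reason to trust. Regenerate package-lock.json with the registry set to https://registry.npmjs.org/ so that "resolved" points back at the public registry, and confirm the entry still carries an "integrity" value alongside the new "version".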
I think you set a proxy? This should be changed.
OK, I update it
protobufjs/protobuf.js#1728