Security Changes
- Bump semver from 5.7.1 to 5.7.2 to fix a Regular Expression Denial of Service (ReDoS) vulnerability - CWE-1333
- Bump sharp from 0.30.7 to 0.32.6 to fix a security vulnerability in the libwebp dependency - CVE-2023-4863
- Fix CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), bumping xml2js to version 0.5.0 by upgrading the following packages:
  - Bump aws-sdk to 2.1499
  - Bump lambda-local to 2.1.2
  - Bump node-gyp to 10.0.1
    - Also, the request package dependency, vulnerable to CWE-918: Server-Side Request Forgery (SSRF), has been removed from node-gyp
Maintenance
- Bump Node.js to 20.9.0
- Add test image file and notes about uploading it to the cache bucket