Actions
Bug #40176
closedmgr/dashboard: Known high severity security vulnerability detected in js-yaml < 3.13.1
Status:
Closed
Priority:
Normal
Assignee:
-
Category:
General
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Details: https://www.npmjs.com/advisories/813
Severity left to minor as after checking which packages use js-yaml, it turns out to come in as a dependency from build/dev-only packages: tslint (development tool), and build-angular via cosmiconfig.
Update suggested: js-yaml ~> 3.13.1.
Updated by Ernesto Puerta about 3 years ago
- Project changed from mgr to Dashboard
- Category changed from 132 to General
Actions