fix: cookie vulnerability #511

Closed

@SaraMansori (Contributor) commented Oct 29, 2024

Context

Currently we have a dependency with a low security vulnerability (cookie)

https://github.com/cabify/prom-react/security/dependabot/22

Solution

We are currently using version 0.4.2 of the cookie library (not directly, but the project has msw as a dependency and msw has cookie as a dependency pinned to version 0.4.2).

We cannot directly upgrade cookie to the earliest fixed version (0.7.0), so we have to upgrade msw. The next version of msw is 2.0.0, which means a major upgrade with various breaking changes.

For this we have to upgrade msw following this guide
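
An added example (not part of this pull request or the prom-react code base): a small Node.js script that walks the `packages` map of an npm lockfile and reports which installed copies of cookie are below the fixed version 0.7.0 and which package pulls each one in. The lockfile fragment, the msw version and `other-lib` are constructed for illustration.

```javascript
// Added example. SAMPLE_LOCK is a constructed npm lockfile (v3) fragment; the msw
// version and "other-lib" are hypothetical. cookie 0.4.2 and the 0.7.0 floor are from the PR.
const FIXED = [0, 7, 0];
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { version: '0.0.0', devDependencies: { msw: '^1.0.0', 'other-lib': '^1.0.0' } },
    'node_modules/msw': { version: '1.0.0', dependencies: { cookie: '0.4.2' } },
    'node_modules/cookie': { version: '0.4.2' },
    'node_modules/other-lib': { version: '1.0.0', dependencies: { cookie: '^0.7.0' } },
    'node_modules/other-lib/node_modules/cookie': { version: '0.7.0' },
  },
};

// True when an x.y.z version sorts below the floor (pre-release tags ignored).
function isBelow(version, floor) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((parts[i] || 0) !== floor[i]) return (parts[i] || 0) < floor[i];
  }
  return false;
}

// "node_modules/a/node_modules/@s/b" -> "@s/b"
const nameOf = (path) => path.slice(path.lastIndexOf('node_modules/') + 13);

// Node-style resolution: look in the requirer's own node_modules, then walk up.
function resolve(packages, fromPath, dep) {
  for (let dir = fromPath; ; ) {
    const candidate = `${dir ? dir + '/' : ''}node_modules/${dep}`;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf('/node_modules/');
    dir = cut === -1 ? '' : dir.slice(0, cut);
  }
}

// Every installed copy of `name` below `floor`, with the packages that resolve to it.
function findVulnerable(lock, name, floor) {
  const entries = Object.entries(lock.packages);
  return entries
    .filter(([path, meta]) => path && nameOf(path) === name && isBelow(meta.version, floor))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      requiredBy: entries
        .filter(([p, m]) => ({ ...m.dependencies, ...m.devDependencies })[name] &&
          resolve(lock.packages, p, name) === path)
        .map(([p, m]) => `${p ? nameOf(p) : '(root)'}@${m.version}`),
    }));
}

console.log(JSON.stringify(findVulnerable(SAMPLE_LOCK, 'cookie', FIXED), null, 2));
```

The nested 0.7.0 copy under `other-lib` is not reported, while the hoisted 0.4.2 copy is attributed to msw, which is why the fix has to go through the msw upgrade.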

@SaraMansori force-pushed the fix/dep-vulnerability branch from f4d6aa8 to 544ce34 on November 5, 2024 12:33

@carlostxm (Contributor) commented:

Closing this PR as the vulnerability has been fixed in #516.

@carlostxm closed this Dec 9, 2024