Security vulnerability - need to update unleash-client dependency #81
Assignees
Labels
bug
Something isn't working
Comments
|
Ah! This appears to be fixed in 1.4.4-beta.0 (although it's not noted in the tag description) |
|
We will ship new version today. I checked and this SDK doesn't use the vulnerable package, because it doesn't support "IP" and "Hostname" strategies. |
github-project-automation
bot
moved this from Support rotation
to Done
in Issues and PRs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
This is the vulnerability: GHSA-2p57-rm9w-gvfp
It was fixed in unleash-client-node 5.5.4: Unleash/unleash-client-node#622
Steps to reproduce the bug
No response
Expected behavior
No response
Logs, error output, etc.
No response
Screenshots
No response
Additional context
No response
Unleash version
5.6.6
Subscription type
Open source
Hosting type
Self-hosted
SDK information (language and version)
[email protected] (and possibly other dependents of unleash-client-node?)
The text was updated successfully, but these errors were encountered: