-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
openSCA对框架依赖扫描结果中的漏洞问题 #270
Comments
可以去给 egg-socket.io 提 pr 吧,这个插件我没有使用场景,目前没法参与维护。 |
mocha 只用于单测环境,可以忽略。 |
第三条semver能解决吗 |
|
fengmk2
added a commit
to eggjs/egg-cluster
that referenced
this issue
Jun 3, 2024
fengmk2
added a commit
to eggjs/egg-cluster
that referenced
this issue
Jun 3, 2024
fengmk2
added a commit
to eggjs/egg-cluster
that referenced
this issue
Jun 3, 2024
https://security.snyk.io/package/npm/semver eggjs/egg-bin#270 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Added a new script to manage contributors automatically in the project. - **Documentation** - Updated README to include a list of contributors with their GitHub profiles and avatars. - **Refactor** - Replaced deprecated message logging with `console.warn` for HTTPS configuration. - Removed `semver` dependency and simplified related logic in the project. - **Chores** - Updated Node.js CI workflow to include an additional Node.js version and added `CODECOV_TOKEN` secret. - Updated `semver` version in `package.json` and added `git-contributor` dependency. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
首先非常感谢大佬前几天帮忙解决了egg-security中的间接依赖项的版本漏洞问题,目前项目在openSCA扫描结果中还存在5个间接依赖问题,不太好解决,还请大佬帮忙升级一下间接依赖:
The text was updated successfully, but these errors were encountered: