-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Application Dependency Vulnerabilities #3
Comments
Stratus being updated will done over the next couple of months. |
Update for Version 4.8.0Frontendmost of these vulnerabilities can be auto-fixed 24 vulnerabilities (1 low, 7 moderate, 16 high) details body-parser <1.20.3 braces <3.0.3 es5-ext 0.10.1 - 0.10.62 follow-redirects <=1.15.5 ip * micromatch <4.0.8 path-to-regexp <0.1.10 rollup <3.29.5 send <0.19.0 tar <6.2.1 webpack 5.0.0-alpha.0 - 5.93.0 webpack-dev-middleware <=5.3.3 ws 8.0.0 - 8.17.0 backendIn addition to the following findings, the go version itself v1.21 is unsupported now (latest: v1.23) Vulnerability #1: GO-2024-3106 Vulnerability #2: GO-2024-2687 Vulnerability #3: GO-2024-2611 Your code is affected by 3 vulnerabilities from 2 modules and the Go standard library. |
Stratos Version
Version: 4.4.0
Frontend Deployment type
Backend (Jet Stream) Deployment type
Expected behaviour
Address Critical applicaiton dependency vulnerabilities.
I am not a developer, I just support the Stratos UI that is used with our internal deployment of Cloud Foundry. We have clone of this repository in our Enterprise Version of GitHub and our security team has enabled Dependabot to help with vulnerabilities. Due to these critical vulnerabilities, we have been asked to stop using this UI as part of our Cloud Foundry deployment. We would like to continue to use Stratos, as our internal customers prefer Stratos to the home grown Cloud Foundry UI that was developed. Would someone in the community be willing to have a look at remeidating the application dependencies in the Stratos UI?
Actual behaviour
Need to have Dependabot recommendations resolved.
Steps to reproduce the behavior
Turn on dependabot recommendations for the community repostiory for Stratos.
Log output covering before error and any error statements
Detailed Description
Context
Possible Implementation
The text was updated successfully, but these errors were encountered: