Remove indirect usage of vulnerable package whilp/git-urls #3409

Open
grinish21 opened this issue Jan 2, 2025 · 0 comments
Labels
bug Something isn't working


grinish21 commented Jan 2, 2025

Describe the bug
Currently there is an indirect dependency on github.com/whilp/git-urls which comes from https://github.com/argoproj/notifications-engine. The notification-engine repo is updated but a new tag hasn't been released.
Fix: argoproj/notifications-engine@f485671

whilp/git-urls repo has a vuln and the repo is inactive -> whilp/git-urls#28

Additional context
There is no direct problem as such; it is more of a security concern about using something that is vulnerable and has been fixed already.


Message from the maintainers:

If you wish to see this enhancement implemented please add a 👍 reaction to this issue! We often sort issues this way to know what to prioritize.

@grinish21 grinish21 added the bug Something isn't working label Jan 2, 2025