Recidiviz/supervision-success-component

Security Alert - Package: url-parse; Severity: MODERATE;

Closed this issue · 2 comments

    A new vulnerability has been reported by Dependabot. The criticality of this vulnerability is MODERATE.

    MODERATE vulnerabilities have an SLA of 60 days according to our policy.

    Affected package: url-parse
    Ecosystem: NPM
    Affected version range: < 1.5.2

    Fixed Version: 1.5.2
    Created Date: October 06, 2021

    ***Additional Context***
    https://github.com/Recidiviz/supervision-success-component/security/dependabot?q=is%3Aopen+sort%3Anewest
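The alert above gives an affected range (`< 1.5.2`) and a fixed version (`1.5.2`), but a project can carry several copies of url-parse, including transitive ones nested under other packages, and `npm audit` or Dependabot flags them per lockfile, not per install path. The script below is an added example, not part of this issue or of the Recidiviz repository: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and reports every installed copy of a named package whose version is below the fixed version. The lockfile contents are constructed for the example; `findVulnerableInstalls`, `compareSemver` and `SAMPLE_LOCK` are names chosen here, not anything the project ships.

```javascript
// Added example (not from the Recidiviz issue or from Dependabot): list every
// installed copy of a package whose version is below the fixed version named
// in an alert. Reads the "packages" map of a package-lock.json with
// lockfileVersion 2 or 3, where nested installs appear under paths such as
// "node_modules/some-tool/node_modules/url-parse".

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/
    .exec(String(version).trim());
  if (!m) throw new Error(`not a semver version: ${version}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] || null };
}

// Comparator: negative if a < b, zero if equal, positive if a > b.
// A prerelease sorts below its release (1.5.2-beta.1 < 1.5.2), as semver
// requires, so "1.5.2-rc.1" is still treated as inside the "< 1.5.2" range.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (const k of ['major', 'minor', 'patch']) {
    if (pa[k] !== pb[k]) return pa[k] - pb[k];
  }
  if (pa.prerelease === pb.prerelease) return 0;
  if (pa.prerelease === null) return 1;
  if (pb.prerelease === null) return -1;
  return pa.prerelease < pb.prerelease ? -1 : 1;
}

// Walk the lockfile and return each install path of `name` whose version is
// strictly below `fixedVersion` (the alert's "< 1.5.2" range).
function findVulnerableInstalls(lockfile, name, fixedVersion) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    // Match the package by its path suffix so that "url-parse-lax" is not
    // mistaken for "url-parse"; scoped names ("@scope/pkg") also work because
    // the name itself carries the slash.
    const top = path === `node_modules/${name}`;
    const nested = path.endsWith(`/node_modules/${name}`);
    if (!top && !nested) continue;
    if (!entry.version) continue;
    if (compareSemver(entry.version, fixedVersion) < 0) {
      hits.push({ path, version: entry.version, dev: Boolean(entry.dev) });
    }
  }
  return hits;
}

// Constructed sample lockfile (not a real project's): the direct dependency is
// already at the fixed version, but a dev-only tool still pins an older copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'sample-app', version: '0.0.1' },
    'node_modules/url-parse': { version: '1.5.2' },
    'node_modules/some-dev-tool': { version: '3.0.0', dev: true },
    'node_modules/some-dev-tool/node_modules/url-parse': { version: '1.5.1', dev: true },
    'node_modules/url-parse-lax': { version: '3.0.0' },
  },
};

// Run the check against the sample; with a real lockfile, replace SAMPLE_LOCK
// with JSON.parse(fs.readFileSync('package-lock.json', 'utf8')).
const REPORT = findVulnerableInstalls(SAMPLE_LOCK, 'url-parse', '1.5.2');
for (const h of REPORT) {
  console.log(`${h.path} ${h.version}${h.dev ? ' (dev)' : ''}`);
}
```

The sample reports only the nested `1.5.1` copy, which is the case a top-level `npm ls url-parse` glance tends to miss; a dev-only hit matters less for production exposure but still blocks closing the alert, since Dependabot evaluates the lockfile as a whole. The script does not handle lockfileVersion 1, which stores a nested `dependencies` tree instead of a flat `packages` map.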

@phenggeler one ticket question for you: I had previously been using labels with "Severity: XYZ" but I see you gave this a label of "Security: MODERATE". We should do whatever you want to within the context of cross-org vulnerability tracking, but wanted to highlight this just in case there's a growing inconsistency!

Ah, thanks for catching that @jessex - I've been exploring a script to automate this and have been running it locally. I've modified the label to be "Severity" and not "Security".