aws-sdk version could use updating (Security)
iDVB opened this issue · 3 comments
Apparently aws-sdk <2.178.0 has a potential vulnerability that is now fixed in >=2.178.0.
https://snyk.io/test/npm/dynogels/8.0.1?severity=high&severity=medium&severity=low
Isn't this module only actually used when bundled for a browser? Dynogels is not designed to run in a browser -- you're typically not performing database operations from the frontend.
@cdhowie you're likely correct. However, that dep currently and validly fires off red flags for Snyk.io and the version of aws-sdk that dynogels currently uses could simply be updated to even just v2.178.0 (not latest) and would still correct the issue.
Shouldn't aws-sdk be a peer dependency anyway? Or since the version differences are only minor, aren't the chances high that this would be a non-breaking change to dynogels?