Mitigate vulnerabilities from using OpenCollective
UV version:
[email protected]
I'm submitting a:
- [x] bug report
- [ ] feature request => please use the user stories repo
- [ ] support request => Please do not submit support requests here, use stackoverflow
Current behavior:
There are a couple of vulnerabilities reported for modules used by OpenCollective 1.0.3. There may not be any possible mitigation in UV. Moving to a later version once OpenCollective has addressed the problems may be a solution?
OpenCollective and lodash Introduced through:
- [email protected] › @universalviewer/[email protected] › @universalviewer/[email protected] › [email protected]
- [email protected] › [email protected] › [email protected] › [email protected]
- CWE-400: Uncontrolled Resource Consumption
OpenCollective and minimist Introduced through:
Expected behavior:
Mitigated vulnerabilities.
Other information:
We should remove this dependency. OC have confirmed that they're not going to update it.
All issues will be triaged for further investigation or closure by 28 September 2023. If your issue is still relevant and you would like it to be investigated further, please comment by 14 September 2023.
Dependency has been removed.