opencensus-php

[Vulnerability] Remove Laravel examples & tests to avoid the vulnerability showing up

Open adolsalamanca opened this issue 3 years ago • 3 comments

Description

  • We are getting errors from our vulnerability analysis tool regarding the opencensus lib that point to Laravel usage in examples and tests.

Changes

  • Simply remove the Laravel project from the /examples folder to avoid the vulnerability being detected as part of the lib.
  • Also remove the Laravel folder from tests, including the CI step that runs tests using it.

adolsalamanca, Apr 26 '22 14:04

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

For more information, open the CLA check for this pull request.

google-cla[bot], Apr 26 '22 14:04

This is the vulnerability detected: https://nvd.nist.gov/vuln/detail/CVE-2021-36804

adolsalamanca, Apr 26 '22 15:04

An alternative would be to port the Laravel example to safe versions.

adolsalamanca, Apr 26 '22 15:04