CVE-2022-21713? is this an issue? #1632
From what I can see, this repo makes use of version 8.3.4, which is impacted, and the advisory needs it to be 8.3.5. From what I can see here, it's not being picked up. Am I correct, and this needs to be raised as an issue?
Yep, your assumptions are right.
It won't be found as part of code scanning it seems.
We have a bot that sends weekly (I think) updates to all our versions, so there should be an automated PR soon that will bump the version. As it's just the default version I think we can wait until then. For people that want to run the patch version right away, there's always the option to set it explicitly to 8.3.5.