CVE-2019-10747

Question

CVE-2019-10747

rickspencer3 opened this issue 4 years ago · comments

Rick Spencer commented 4 years ago

Could someone please address or silence the following vulnerable dependency notification?

https://github.com/influxdata/influxdb-templates/network/alert/yarn.lock/set-value/open

Johnny Steenbergen · Answer 1 · Wed Apr 22 2020 02:08:13 GMT+0800 (China Standard Time)

@rickspencer3 I can't find this alert anywhere, and I can't open up the link you shared.

@mhall119 / @russorat, do you know why we are seeing an issue with a yarn.lock file? had no idea there was JS in the repo...

Johnny Steenbergen · Answer 2 · Wed Apr 22 2020 02:09:21 GMT+0800 (China Standard Time)

ahh I see, this isn't the same as community tempaltes. These are the legacy templates. Explains why I don't have a clue what's going on here 🤷

Michael Hall · Answer 3 · Wed Apr 22 2020 02:11:13 GMT+0800 (China Standard Time)

You had me worried there for a minute, because there absolutely shouldn’t be a yarn.lock on the community-template! Michael Hall mhall@influxdata.com

…

On Apr 21, 2020, at 2:09 PM, Johnny Steenbergen ***@***.***> wrote: ahh I see, this isn't the same as community tempaltes. These are the legacy templates. Explains why I don't have a clue what's going on here 🤷 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#28 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAEP3BBDXTJPKIKPIOBMLELRNXOOBANCNFSM4MNP4LJA>.