Ernest Landrito

icon indicating an email [email protected]

icon company Google icon location Longmont, CO

Results 3 issues of Ernest Landrito

Prism docker image vulnerabilities

1 comment

snyk.io scan of the `spotlight/prism` docker image is reporting 17 vulnerabilities due to using `node:16` as the base image. Upgrading docker image to use `node:18.20.1` resolves all but one low...

p/high
triaged
c/security
jira
team/bad-news-bears

chore: Fix 'fast-xml-parser' vulnerability

Addresses #2580 **Summary** Fixes the 'fast-xml-parser' vulnerability. https://github.com/advisories/GHSA-mpg4-rc92-vx8v **Checklist** - The basics - [x] I tested these changes manually in my local or dev environment - Tests - [ ]...

dependencies
security

Dependency fast-xml-parser vulnerable to ReDOS at currency parsing

The 'fast-xml-parser' dependency has a vulnerability. ## Context https://github.com/advisories/GHSA-mpg4-rc92-vx8v ## Current Behavior Current version 4.2.0 is vulnerable. ## Expected Behavior Package uses version 4.4.1+. ## Possible Workaround/Solution Increase version to...

security