Hi @mjwsfg - I can go ahead and upgrade that package ASAP. However, it's important to note that the npm dependencies in this repo have 0 impact on the metadata that is installed to your org when you install Nebula Logger. The npm dependencies are strictly used by myself for automation when doing development, and by the pipeline when generating new package versions - none of the dependencies are used by Nebula Logger directly.
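One way to check the reply's point from a repository's own lockfile is to confirm that every installed copy of a package such as vm2 is flagged dev-only and to see which top-level dependency pulls it in. This is an added example, not code from Nebula Logger; the lockfile below is constructed, every package name in it other than vm2 is hypothetical, and dependents are matched by name only, ignoring nested version resolution.

```javascript
// Constructed sample in the npm lockfileVersion 3 layout (not the project's real lockfile).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-project", dependencies: { "left-lib": "^2.0.0" },
          devDependencies: { "example-cli": "^1.0.0" } },
    "node_modules/example-cli": { version: "1.0.0", dev: true,
          dependencies: { "example-proxy": "^1.0.0" } },
    "node_modules/example-proxy": { version: "1.0.0", dev: true,
          dependencies: { vm2: "^0.0.0" } },
    "node_modules/vm2": { version: "0.0.0-sample", dev: true },
    "node_modules/left-lib": { version: "2.0.0" },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
const pkgName = (path) =>
  path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);

// Names of packages (or "<root>") that declare `name` as a dependency.
function dependents(lock, name) {
  return Object.entries(lock.packages)
    .filter(([, m]) =>
      name in { ...m.dependencies, ...m.optionalDependencies, ...m.devDependencies })
    .map(([path]) => (path === "" ? "<root>" : pkgName(path)));
}

function auditPackage(lock, target) {
  // Every installed copy of the target, with npm's dev-only flag.
  const instances = Object.entries(lock.packages)
    .filter(([path]) => path !== "" && pkgName(path) === target)
    .map(([path, m]) => ({ path, version: m.version, devOnly: m.dev === true }));
  // Walk reverse edges up to the root; the chain check guards against cycles.
  const chains = [];
  const walk = (name, chain) => {
    for (const parent of dependents(lock, name)) {
      if (parent === "<root>") chains.push([...chain].reverse());
      else if (!chain.includes(parent)) walk(parent, [...chain, parent]);
    }
  };
  walk(target, [target]);
  // A copy without dev:true would also be installed by `npm install --omit=dev`.
  return { instances, chains, inProductionInstall: instances.some((i) => !i.devOnly) };
}

console.log(JSON.stringify(auditPackage(sampleLock, "vm2"), null, 2));
```

To run it against a real repository, replace `sampleLock` with the parsed contents of that repository's `package-lock.json`.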
Have there been any thoughts or planning yet on migrating away from the usage of and dependency upon the vm2 package to another alternative that is still supported and doesn't have critical vulnerabilities? In our Org, this is discouraging our use of it as a result. Knowing that there are at least discussions or a plan (ideally with a timeline goal) can help with our security discussions.
See:
https://www.cve.org/CVERecord?id=CVE-2023-37903
https://www.cve.org/CVERecord?id=CVE-2023-37466
Thank you.