Bump es5-ext to version 0.10.64 to resolve CVE-2024-27088 #407

Closed
dmgardiner25 wants to merge 1 commit into microsoft:main from dmgardiner25:resolve-es5-ext-vuln

@dmgardiner25
Member

Changes proposed:

Upgrade the es5-ext package to 0.10.64 to resolve CVE-2024-27088.

I am aware of this previous PR pinning the version, but it doesn't seem like it was working, as version 0.10.62 was installed, which still includes the war messaging.

Other Tasks:

  • If you updated the Go SDK, did you update the PackageVersion in tunnels.go?
  • If you updated the TS SDK, did you update the dependencies in package.json for connections and management to require a dependency that is > the current published version (found using npm view @microsoft/dev-tunnels-contracts)? This will fix issues where yarn will pull the old version of packages and will cause mismatched dependencies. See example PR

@dmgardiner25
Member Author

Closing in favor of #412
