Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: zapier-platform-cli has dependency on old version of got that has known security issues #956

Open
mdesousa opened this issue Jan 27, 2025 · 1 comment
Open

[Bug]: zapier-platform-cli has dependency on old version of got that has known security issues #956

mdesousa opened this issue Jan 27, 2025 · 1 comment
Labels
bug Something isn't working

Comments

@mdesousa
Copy link

Bug Description

Please reference CVE-2022-33987 for details.
The latest version of zapier-platform-cli depends on [email protected], which is vulnerable and should be upgraded to (at least) 11.8.5.

Thanks

Reproduction Steps

  1. npm install zapier-platform-cli
  2. npm ls got

Zapier Platform version

  • CLI version: 16.2.0 * Node.js version: v22.12.0 * OS info: darwin-arm64

Node.js version

v22.12.0

Your Operating System

No response

npm/yarn version

No response

App ID

No response

More Details

No response
@mdesousa mdesousa added the bug Something isn't working label Jan 27, 2025
@santialbo
Copy link

Fixing this is going to be a bit complicated for them as the new versions of the packages are ESM packages and the repo is common js. I "fixed" it by doing this on my package.json

Image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mdesousa @santialbo