Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dependencie updates (express 4.20.0) not part of released unleash server version 6.2.2 #8162

Closed
skyd0me opened this issue Sep 17, 2024 · 4 comments
Closed

dependencie updates (express 4.20.0) not part of released unleash server version 6.2.2 #8162

skyd0me opened this issue Sep 17, 2024 · 4 comments
Assignees
@gastonfournier
Labels
bug

Comments

@skyd0me
Copy link

skyd0me commented Sep 17, 2024
edited
Loading

In version 6.2.2 it looks like a update of express was shipped: v6.2.2...main#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R151

Unfortunately this change is not part of the published version: https://www.npmjs.com/package/unleash-server/v/6.2.2?activeTab=code

This results in having the "old" express version as peer dependency and thus also the related vulnerability reported with this version.

Expected behavior

have the updated express v 4.20 listed as peer dependency

Screenshots

image

Unleash version

6.2.2
@skyd0me skyd0me added the bug label Sep 17, 2024
@gastonfournier
Copy link
Contributor

Hi @skyd0me we'll look into it, we're going to release a patch version with some security updates.

@gastonfournier gastonfournier moved this from Support rotation to In Progress in Issues and PRs Sep 18, 2024
@gastonfournier
Copy link
Contributor

Well, 6.2 seems to have the old version https://github.com/Unleash/unleash/blob/6.2/package.json#L129 not sure why the comparison you showed is saying otherwise, but we'll fix it

@skyd0me
Copy link
Author

skyd0me commented Sep 18, 2024

Ahhh I think I got the issue. Just clicked on the wrong comparison. We can close this for now and happy that you will publish a new version with the fix.
Would be awesome if someone can do the same for unleash-proxy: Unleash/unleash-proxy#193

@skyd0me skyd0me closed this as completed Sep 18, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in Issues and PRs Sep 18, 2024
@gastonfournier
Copy link
Contributor

Nice @skyd0me thanks for the contribution to proxy! I'll run it an also release it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gastonfournier gastonfournier

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gastonfournier @gardleopard @skyd0me