Patch CVE for d3-color #830

Closed
ziler-orca opened this issue Feb 13, 2024 · 1 comment

@ziler-orca

Please answer these questions before submitting your issue. Thanks!

What version of pprof are you using?

latest

If you are using pprof via go tool pprof, what's your go env output?

If you run pprof from GitHub, what's the Git revision?

What operating system and processor architecture are you using?

Linux 5.10.205-195.807.amzn2.x86_64

What did you do?

Ran a vulnerability scanning tool

What did you expect to see?

Patch the following CVE please

| CVE | Package Name | Vulnerable Version | Patched Version | Package Path |
| --- | --- | --- | --- | --- |
| GHSA-36jr-mh4h-2g58 | d3-color-1.4.1 | 1.4.1 | 3.1.0 | /usr/local/go/src/cmd/vendor/github.com/google/pprof/third_party/d3flamegraph/package-lock.json |

What did you see instead?

Vulnerability showed up by our scan tool

@aalexand
Collaborator

#825 removed d3 flamegraph dependency.
