What happened:
I was alerted to a CVE issue on a package (from Hex) that has a similar name to a vulnerable package available in the iOS ecosystem. They are unrelated packages.
What you expected to happen:
I was expecting not to receive a failure.
How to reproduce it (as minimally and precisely as possible):
Add the expo dependency to an Elixir app. Run Grype.
Anything else we need to know?:
I am including a screenshot from the GH action output.
Environment:
Output of grype version:
[info] using release tag='v0.74.4' version='0.74.4' os='linux' arch='amd64'
OS (e.g: cat /etc/os-release or similar):
[info] using release tag='v0.74.4' version='0.74.4' os='linux' arch='amd64'
Add the expo dependency to an Elixir app. Run Grype.
Hi @supersimple, would you be able to expand on how to do this? Maybe provide a sample file or some command line steps to create one that's causing the issue?
Hi.
The project I am working on is closed source, so I cannot share that with you, but this was a scan using the anchore/scan-action GH action, configured with defaults. Any Elixir/Phoenix app should give this warning, or a mix app that uses the expo dependency from Hex.
The issue seems to be that an iOS dependency by the same name has a CVE on early versions.