Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

amplify vulnerability in snyk due to old dependency #1381

Closed
gustavo-rios opened this issue Aug 3, 2018 · 4 comments · Fixed by #1773
Closed

amplify vulnerability in snyk due to old dependency #1381

gustavo-rios opened this issue Aug 3, 2018 · 4 comments · Fixed by #1773
Assignees
@powerful23
Labels
Auth Related to Auth components/category

Comments

@gustavo-rios
Copy link

I've found that snyk is reporting the following vulnerability in one of the dependencies and I just wanted you to be aware. Seems like updating crypto-browserfify to the latest version should fix this issue.

amplifyvuln
@haverchuck
Copy link
Contributor

@gustavo-rios - thank you for letting us know!

@haverchuck haverchuck added the Cognito Related to cognito issues label Aug 3, 2018
@jordanranz jordanranz assigned jordanranz and powerful23 and unassigned jordanranz Aug 7, 2018
@jordanranz
Copy link
Contributor

jordanranz commented Aug 7, 2018
edited

Hey @gustavo-rios, thanks for reporting this.

We did actually try upgrading the crypto-browserify version: #731, but we experienced issues using it with Angular 6: #857

I will investigate the status of this.

@stephannagel
Copy link

Hi, any updates on this issue?

@mlabieniec mlabieniec added Auth Related to Auth components/category and removed Cognito Related to cognito issues labels Sep 25, 2018
@mlabieniec mlabieniec mentioned this issue Sep 25, 2018
Closed
@powerful23 powerful23 mentioned this issue Sep 27, 2018
Merged
@github-actions
Copy link

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 13, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@powerful23 powerful23

Labels
Auth Related to Auth components/category
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(amazon-cognito-identity-js): replace crypto-browserify with crypto-js powerful23/aws-amplify
6 participants
@mlabieniec @jordanranz @gustavo-rios @haverchuck @powerful23 @stephannagel