
@aws-amplify/cli-extensibility-helper low severity vulnerability with aws-cdk-lib dependency #14090

Status: Open · brianlenz opened this issue Jan 30, 2025 · 3 comments
Labels: dependency-issue (Issue with another dependency used), feature-request (Request a new feature), pending-release (Code has been merged but pending release)

Comments

@brianlenz (Contributor) wrote:

Is this feature request related to a new or existing Amplify category?

No response

Is this related to another service?

No response

Describe the feature you'd like to request

@aws-amplify/cli-extensibility-helper has a dependency on aws-cdk-lib ~2.129.0 which has a low severity vulnerability that would be worth updating at some point:

GHSA-v4mq-x674-ff73

Describe the solution you'd like

Update the aws-cdk-lib dependency to allow for the patched 2.177.0 version.

Is there a reason the dependency on aws-cdk-lib needs to use a tilde range instead of a caret range (which would allow updates to the patched version)?

Describe alternatives you've considered

You'd have to override the resolution to update aws-cdk-lib to the patched version.

Additional context

No response

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this feature request

Would this feature include a breaking change?

  • ⚠️ This feature might incur a breaking change
@brianlenz brianlenz added the pending-triage Issue is pending triage label Jan 30, 2025
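The issue turns on the difference between a tilde and a caret range, and on the "override the resolution" workaround. The following is an added example, not code from the Amplify CLI project or from the issue author: a minimal semver range checker restricted to exact, `~x.y.z` and `^x.y.z` ranges, plus the `overrides` (npm) and `resolutions` (yarn) entries that would force the patched version. The package name and the two version numbers (2.129.0 and 2.177.0) are taken from the issue; which range forms and override keys are shown is my choice, and the checker deliberately ignores prerelease tags and compound ranges.

```javascript
// Added example: why `~2.129.0` excludes the patched 2.177.0 while `^2.129.0`
// admits it, and what a package-manager override for the transitive
// dependency looks like. Not part of @aws-amplify/cli-extensibility-helper.

function parseVersion(v) {
  // Plain MAJOR.MINOR.PATCH only; prerelease/build metadata is out of scope here.
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`not a plain semver version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3] };
}

function compare(a, b) {
  return a.major - b.major || a.minor - b.minor || a.patch - b.patch;
}

// Returns true if `version` satisfies `range`, where `range` is an exact
// version, a tilde range (~x.y.z) or a caret range (^x.y.z).
function satisfies(range, version) {
  const op = range[0] === '~' || range[0] === '^' ? range[0] : '';
  const base = parseVersion(op ? range.slice(1) : range);
  const v = parseVersion(version);
  if (compare(v, base) < 0) return false;          // never below the base
  if (op === '') return compare(v, base) === 0;    // exact pin
  // Tilde: patch-level updates only (same major.minor).
  if (op === '~') return v.major === base.major && v.minor === base.minor;
  // Caret: for major >= 1, any later minor/patch within the same major;
  // for 0.y.z the minor is treated as the breaking component; 0.0.z is exact.
  if (base.major > 0) return v.major === base.major;
  if (base.minor > 0) return v.major === 0 && v.minor === base.minor;
  return compare(v, base) === 0;
}

// Override entries that pin a transitive dependency regardless of the range
// the intermediate package declares. Keys are the real npm/yarn field names.
function overrideEntries(pkg, version) {
  parseVersion(version); // fail early on a malformed pin
  return {
    npm: { overrides: { [pkg]: version } },      // package.json "overrides"
    yarn: { resolutions: { [pkg]: version } },   // package.json "resolutions"
  };
}

// Walk-through with the versions from the issue.
const declared = '~2.129.0';
const patched = '2.177.0';
console.log(`${declared} admits ${patched}?`, satisfies(declared, patched));      // false
console.log(`^2.129.0 admits ${patched}?`, satisfies('^2.129.0', patched));        // true
console.log(JSON.stringify(overrideEntries('aws-cdk-lib', patched), null, 2));
```

After adding the override, `npm ls aws-cdk-lib` (or `yarn why aws-cdk-lib`) shows whether the single resolved copy is the pinned one; an override is a consumer-side workaround, so it has to be carried until the upstream range itself changes.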
@ykethan (Member) commented Jan 30, 2025:

Hey @brianlenz, thank you for filing this issue. Marking this as feature request to update aws-cdk-lib.

@ykethan ykethan added dependency-issue Issue with another dependency used feature-request Request a new feature and removed pending-triage Issue is pending triage labels Jan 30, 2025
@sobolk (Member) commented Jan 31, 2025:

The change has been merged here #14086.

@sobolk sobolk added the pending-release Code has been merged but pending release label Jan 31, 2025
@brianlenz (Contributor, Author) wrote:

Thanks @ykethan @sobolk!

Sorry to do this as it's unrelated, but since I have you, do you think we can make any progress on getting #13858 merged? I'm still having to use a custom amplify-dev CLI build and would love to get that merged. I'm happy to make changes to the PR if necessary, too. Thanks for your consideration 🙏
