[Security Vulnerabilities ] High severity vulnerability exists in Heroku CLI (heroku/9.2.1 linux-x64 node-v16.20.2) #3014

Open
debabrata-shome opened this issue Sep 23, 2024 · 1 comment

Comments

debabrata-shome commented Sep 23, 2024

This project is for the Heroku CLI only and issues are reviewed as we are able. If you need more immediate assistance or help with anything not specific to the CLI itself, please use https://help.heroku.com.

Do you want to request a feature or report a bug?

I am trying to report a High-severity (P0) security bug that is present in Heroku CLI due to dependent libraries:

  • npm:plist
  • npm:ip
  • npm:ejs
  • npm:exca

Version Details: heroku/9.2.1 linux-x64 node-v16.20.2

What is the current behavior?

If the current behavior is a bug, please provide the steps to reproduce.

More details on CVEs

What is the expected behavior?

Please update the third-party library to remediate the vulnerabilities from Heroku CLI.

debabrata-shome changed the title from "[Security Vulnerabilities ] High severity vulnerability is present in Heroku CLI (heroku/9.2.1 linux-x64 node-v16.20.2)" to "[Security Vulnerabilities ] High severity vulnerability exists in Heroku CLI (heroku/9.2.1 linux-x64 node-v16.20.2)" on Sep 23, 2024

Contributor

sbosio commented Sep 23, 2024

Hi @debabrata-shome, we're working on our upcoming release for Heroku CLI v10 that will drop support for Node 16 and will allow us to upgrade some blocked dependencies and get rid of all of these vulnerabilities.

We'll let you know when our next major version release is out and close this report.

Best!
