Comments (16)
As far as I can tell, this has merged:
01d398f
from azure-pipelines-task-lib.
Any updates on this? The security team of one of our customers is demanding that we upgrade our library with the patched version of mockery.
@joshftb Two weeks ago this was given the 'triage' label and then removed. Your latest response indicates that this vulnerability may not be exploitable, yet the issue remains 'Open.' Please advise if Microsoft is planning to update their references to use the newest version of mockery that is not vulnerable (according to Snyk there are no 'next non-vulnerable versions') or plans to close this issue.
Hi @luxaflow, thank you for reporting this issue. This is currently being worked on.
@maksimu mockery is only used for testing, so none of its exports will see prod. Also, the task does not use the vulnerable component of that library anyways.
Team, any updates on this? If the task doesn't use the vulnerable component, can you please advise why this issue is not closed? We need to respond back to our Security team about the status of this issue.
@Vertex-btb, @rajarajan2801 Mockery is indeed used only for testing. This issue is not closed, as we're preparing a replacement, and it's not merged yet.
Hi, any updates on this? I have a task created and I depend on this issue being solved to be able to deploy it. Thanks
Hi :)
Not a single commit on the PR for a full month since Lilia's work. Any idea when we could expect it or what is blocking, because all checks seem OK? Thanks <3
Compatibility checks with the existing tasks in the azure-pipelines-tasks and introduction of the node20 handler and other priorities. Merging this pull request has consequences beyond this library.
This issue has had no activity in 90 days. Please comment if it is not actually stale
not stale :)
Any update on this issue?
Waiting for the fix for quite some time now. It is becoming critical to us as we're unable to upgrade our packages to a higher version as the security check fails for azure-pipelines-task-lib.
Thanks jesse.