-
Type: Task
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
2
-
Not Needed
-
Iteration Zanzibar
The `hex-to-uuid` library is affected by a vulnerability that is causing security warnings for the CLOUD builds. We only use that library to format UUIDs and we can replace it with other code that doesn't have security issues.
For reference this is how mongosh accomplish the same without using any library: https://github.com/mongodb-js/mongosh/blob/main/packages/service-provider-core/src/printable-bson.ts#L59
Note: the reported vulnerability for `hex-to-uuid` is not actually affecting either us or CLOUD.
- duplicates
-
COMPASS-5117 Use non-vulnerable version of hadron-react-bson
- Closed