White Source is flagging a high severity vulnerability in Guzzle

[iandavidwild]

Please see CVE-2022-29248 - https://www.mend.io/vulnerability-database/CVE-2022-29248

I'm not sure how you are building your source but the latest version of the AWS SDK installed via Composer fixes this issue.

[danmarsden]

Thanks for the report.

That CVE refers to the fact that cookie middleware is disabled by default and I'm also 90% sure (I didn't write this code and I haven't traced it) that our use does not allow end-users(students/teachers etc.) to modify the url being passed to guzzle either so I'd say we are not affected (although we should get someone to update the guzzle libs anyway.