How to fix Unsanitized user controlled input in module generation vulnerability #4286

dominictobias · 2023-11-10T18:56:47Z

dominictobias
Nov 10, 2023

This is driving me insane. Yarn only partially forces deps to secure version when doing "**/@opentelemetry/instrumentation": "^0.45.1" in package.json resolutions object (I've tried completely cleaning, even manually editing yarn.lock)

What I don't get is that I can't find anywhere in this repo even though NPM links to it, which is related to this dependency or module. For example if I search for "fastify" there are only a couple of references here, and none point to how I can submit a PR to update @opentelemetry/instrumentation-fastify to use 0.45.1 of @opentelemetry/instrumentation 😫

Any pointers please?

Answered by Flarna

Nov 10, 2023

The link on NPM points to the correct repo: https://github.com/open-telemetry/opentelemetry-js-contrib

And this is the actual folder in the repo for fastify instrumentation.

Renovate did already an update of the deps, release is not yet done.

View full answer

Flarna · 2023-11-10T19:56:09Z

Flarna
Nov 10, 2023

The link on NPM points to the correct repo: https://github.com/open-telemetry/opentelemetry-js-contrib

And this is the actual folder in the repo for fastify instrumentation.

Renovate did already an update of the deps, release is not yet done.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

How to fix Unsanitized user controlled input in module generation vulnerability #4286

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

How to fix Unsanitized user controlled input in module generation vulnerability #4286

Uh oh!

Uh oh!

dominictobias Nov 10, 2023

Replies: 1 comment

Uh oh!

Flarna Nov 10, 2023

dominictobias
Nov 10, 2023

Flarna
Nov 10, 2023