Comments (3)
austinlparker
commented on June 30, 2024
2
Thanks for opening this issue - we are aware of the ws vulnerability and plan to update thrift in order to resolve it. As you noticed, there are incompatibilities with older node.js versions and thrift 0.11. We're working internally to ensure we can deprecate these versions in a new release, but let me see if I can get the ball rolling in the hopes of getting a release out sooner rather than later.
In the mean time, we analyzed the reported ws vulnerabilities and believe them to be low impact. If you require a write-up, please email me at [email protected] and I can share it with you.
from lightstep-tracer-javascript.
austinlparker
commented on June 30, 2024
1
Just a quick update - after some internal discussion, we're going to go-ahead with dropping support for older node versions. I should be able to get to it early next week as I'm returning from Kubecon today. Thanks for your patience!
from lightstep-tracer-javascript.
esarafianou
commented on June 30, 2024
Thanks for the followup @austinlparker, I really appreciate it.
from lightstep-tracer-javascript.
Related Issues (20)
- Add trace-context header support
- Clock skew correction should take into account wrong window.performance time on browser platform HOT 1
- [Chrome] lighstep-tracer triggers browser errors: `Security Error: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.` HOT 1
- Support for reporter tags HOT 2
- Page fails to load on IE11 with lightstep-tracer 0.24.3
- Enable `global-require` lint
- Extract babel config from Makefile / webpack config
- SameSite Cookie attributes
- Optionally _clearBuffer on _reportErrorStreak Threshold
- No way to create a custom propagator HOT 1
- Make and use getters on SpanContext
- React Native crash when it tries to access or add cookies. Error: 'document is undefined'.' HOT 2
- Browser friendly lightweight distribution HOT 3
- Broken in Edge 18 due to spread in object literal HOT 2
- Only half of the traceid is used when using the LightstepPropagator. HOT 2
- lightstep-tracer-javascript latest version contains high severity vulnerability of underscore package HOT 3
- Prototype Pollution in async HOT 2
- Update dependencies in order to fix security vulnerabilities HOT 1
- Support for ot-tracer-sampled HOT 1
- Default value for `sampling.priority` tag?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lightstep-tracer-javascript.