-
Type: Task
-
Resolution: Won't Do
-
Priority: Minor - P4
-
None
-
Affects Version/s: None
-
Component/s: None
Use Case
As a developer
I want to use the latest AWS credential providers
So that I have a secure driver experience.
@aws-sdk/client-sts has a dependency on fast-xml-parser that has the below security warning. Updating to the latest SDK updates the related dependency.
Note that this is a peer dependency, downstream users can upgrade without changes.
User Impact
Only dependency security warnings. See: https://security.snyk.io/vuln/SNYK-JS-FASTXMLPARSER-5668858
Dependencies
None
Unknowns
None
Acceptance Criteria
Implementation Requirements
- Update @aws-sdk/credential-providers to 3.360.0 in the Node driver
Testing Requirements
None
Documentation Requirements
None
Follow Up Requirements
- Update bindings migration ticket to remove peer @aws-sdk/credential-providers in mongodb-client-encryption
- is related to
-
NODE-5412 Conflicting peer dependency @aws-sdk/credential-providers
- Closed