[COMPASS-5452] Replace `hex-to-uuid` Created: 24/Jan/22  Updated: 13/Apr/22  Resolved: 13/Apr/22

Status: Closed
Project: Compass
Component/s: None
Affects Version/s: None
Fix Version/s: 1.31.1

Type: Task Priority: Major - P3
Reporter: Maurizio Casimirri Assignee: Sergey Petushkov
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Duplicate
duplicates COMPASS-5117 Use non-vulnerable version of hadron-... Closed
Related
Story Points: 2
Documentation Changes: Not Needed
Sprint: Iteration Zanzibar

 Description   

The `hex-to-uuid` library is affected by a vulnerability that is causing security warnings for the CLOUD builds. We only use that library to format UUIDs and we can replace it with other code that doesn't have security issues.

For reference this is how mongosh accomplish the same without using any library: https://github.com/mongodb-js/mongosh/blob/main/packages/service-provider-core/src/printable-bson.ts#L59

Note: the reported vulnerability for `hex-to-uuid` is not actually affecting either us or CLOUD.



 Comments   
Comment by Maurizio Casimirri [ 13/Apr/22 ]

Done as part of bson-value refactor

Generated at Wed Feb 07 22:39:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.