[COMPASS-5452] Replace `hex-to-uuid` Created: 24/Jan/22 Updated: 13/Apr/22 Resolved: 13/Apr/22 |
|
| Status: | Closed |
| Project: | Compass |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 1.31.1 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Maurizio Casimirri | Assignee: | Sergey Petushkov |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Story Points: | 2 | ||||||||||||||||
| Documentation Changes: | Not Needed | ||||||||||||||||
| Sprint: | Iteration Zanzibar | ||||||||||||||||
| Description |
|
The `hex-to-uuid` library is affected by a vulnerability that is causing security warnings for the CLOUD builds. We only use that library to format UUIDs and we can replace it with other code that doesn't have security issues. For reference this is how mongosh accomplish the same without using any library: https://github.com/mongodb-js/mongosh/blob/main/packages/service-provider-core/src/printable-bson.ts#L59 Note: the reported vulnerability for `hex-to-uuid` is not actually affecting either us or CLOUD. |
| Comments |
| Comment by Maurizio Casimirri [ 13/Apr/22 ] |
|
Done as part of bson-value refactor |