Dataform CLI: deprecated vm2@3.9.19: critical security issues #1677

Open
olga-bienkowska opened this issue Feb 19, 2024 · 1 comment

Hello,

When I run npm install -g @dataform/cli@latest, I get an error saying:

npm WARN deprecated vm2@3.9.19: The library contains critical security issues and should not be used for production! The maintenance of the project has been discontinued. Consider migrating your code to isolated-vm.

What should we do about it?

olga-bienkowska changed the title from "Dataform CLI: deprecated vm2@3.9.19" to "Dataform CLI: deprecated vm2@3.9.19: critical security issues" on Feb 19, 2024
Collaborator

BenBirt commented Feb 20, 2024

This is a duplicate of #1615.

TL;DR: we use vm2 for some useful features (basically providing an out-of-the-box execution environment). We do not rely on it for any kind of sandboxing.

We will replace it, but that work is at a low priority.
