You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Looking at the vulnerability CVE-2024-43788 , which comes through a call to webpack's AutoPublicPathRuntimeModule (link) I was wondering why the bom file created by the cyclonedx-webpack-plugin does not list webpack as runtime dependency. Or is there an option how to make it be listed in the bom, which we use for monitoring possible 3rd party vulnerabilites at runtime?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Looking at the vulnerability CVE-2024-43788 , which comes through a call to webpack's AutoPublicPathRuntimeModule (link) I was wondering why the bom file created by the cyclonedx-webpack-plugin does not list webpack as runtime dependency. Or is there an option how to make it be listed in the bom, which we use for monitoring possible 3rd party vulnerabilites at runtime?
Beta Was this translation helpful? Give feedback.
All reactions