Closed
Description
I'm submitting a...
- Bug report
- Feature request
- Question
Current behavior
The ssh2 version is fixed in tunnel-ssh which is one of the dependency of db-migrate. That version of ssh2 (0.5.4) has a security vulnerability reported in https://nvd.nist.gov/vuln/detail/CVE-2020-26301 and also in tunnel-ssh agebrock/tunnel-ssh#88.
It seems tunnel-ssh has not been active for a long time, so just wondering is there is a plan to replace tunnel-ssh or something else. Thanks
└─┬ [email protected]
└─┬ [email protected]
└── [email protected]
Expected behavior
Minimal reproduction of the problem with instructions
What is the motivation / use case for changing the behavior?
Environment
db-migrate version: X.Y.Z
plugins with versions: X.Y.Z
db-migrate driver with versions:
Additional information:
- Node version: XX
- Platform:
Others:
Metadata
Metadata
Assignees
Labels
No labels