Hi all,
I am not sure if this is the best channel for this, but I opened this ticket a few days ago:
https://github.com/osquery/osquery/issues/7494. I would like to get your point of view on the criticality of those vulnerabilities and whether you think they qualify for a new release with those dependencies upgraded. Reading the ASSURANCE.md document, I see that some of the vulnerabilities may not affect osquery for one reason or another, but I am not smart enough to understand when they do or do not. The fact is that our tool (we are using SNYK) reports back 4 CRITICAL and 21 HIGH vulnerabilities, which does not look really good. If they are so, would you be open to releasing a new osquery version sooner with those dependencies upgraded?
Thanks!