Hello @npalm @gertjanmaas @mcaulifn
I got the source code of version v0.18.0 and I was able to get a runner instance running in our org AWS account.
But the code I got raised two high-severity set-value vulnerabilities. I'm adding more details here.
vulnerability CVE-2019-10747 --> GHSA-4g88-fppr-53pp
set-value --> modules/webhook/lambdas/webhook/yarn.lock
set-value --> modules/runner-binaries-syncer/lambdas/runner-binaries-syncer/yarn.lock
Remediation
Upgrade set-value to version 4.0.1 or later
How do I need to update the set-value version in those files? I'm not familiar with writing yarn files. I'd really appreciate your help with it.
I'm seeing so many set-value entries in the yarn.lock file. Let me know which lines need to be updated in webhook/yarn.lock & binaries-syncer/yarn.lock.
Let me know if you need more information.
Thank you
Srikanth
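
One way to find which `set-value` entries in a `yarn.lock` fall below the fixed version 4.0.1, and which packages pull them in. This is an added example, not part of the original issue or the project's code; the lockfile excerpt and the helper names `auditLock` and `cmpVersion` are constructed for illustration.

```javascript
// Constructed yarn.lock (v1) excerpt; entries and versions are sample data.
const SAMPLE_LOCK = `# yarn lockfile v1

cache-base@^1.0.1:
  version "1.0.1"
  dependencies:
    set-value "^2.0.0"

set-value@^0.4.3:
  version "0.4.3"

set-value@^2.0.0:
  version "2.0.0"

union-value@^1.0.0:
  version "1.0.0"
  dependencies:
    set-value "^0.4.3"
`;
// Compare plain x.y.z versions (no pre-release tags): negative if a < b.
function cmpVersion(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Hypothetical helper: per lock entry of `pkg`, its line, version, status and requesters.
function auditLock(text, pkg, fixedIn) {
  const found = [], parents = {};
  let header = null, current = null;
  text.split(/\r?\n/).forEach((line, idx) => {
    const dep = line.match(/^    "?([^"\s]+)"? "?([^"]+)"?$/);
    if (/^[^\s#].*:$/.test(line)) {            // entry header at column 0
      header = line.slice(0, -1).replace(/"/g, "");
      const specs = header.split(/,\s*/);
      current = specs.some(s => s.startsWith(pkg + "@")) ? { line: idx + 1, specs, version: null } : null;
      if (current) found.push(current);
    } else if (current && /^  version /.test(line)) {
      current.version = line.trim().split(" ")[1].replace(/"/g, "");
    } else if (dep && dep[1] === pkg) {        // a parent's dependency line
      const key = `${pkg}@${dep[2]}`;
      (parents[key] = parents[key] || []).push(header);
    }
  });
  return found.map(e => ({ ...e, vulnerable: cmpVersion(e.version, fixedIn) < 0,
    requiredBy: e.specs.flatMap(s => parents[s] || []) }));
}
console.log(JSON.stringify(auditLock(SAMPLE_LOCK, "set-value", "4.0.1"), null, 2));
```

To check a real file, pass `require("fs").readFileSync(path, "utf8")` as `text`; the parser handles the yarn v1 lockfile layout only.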