Using Vulnerable Libraries

Why is this important?

Most of the code for modern applications is coming from third-party libraries. This is great because it speeds up development. However, there is no guarantee that third-party libraries are secure and of high quality.

Check out this video for a high-level explanation:

Updating Vulnerable libraries

Option A: Update the dependency

Look at the vulnerable component in the GuardRails PR comment
Identify the right <dependency> in the mix.exs
Change the <version> of the related <dependency> in the mix.exs to reflect the patched version
- Alternatively, run mix deps.update <dependency>
Test to verify that the upgrade doesn't break the app
Ship it 🚢 and relax 🌴

More information

OWASP TOP 10 Reference: Using Components with Known Vulnerabilities

Why is this important?​

Updating Vulnerable libraries​

Option A: Update the dependency​

More information​

Why is this important?

Updating Vulnerable libraries

Option A: Update the dependency

More information