Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High and Moderate Vulnerabilities #480

Closed
2 tasks done
mationai opened this issue Mar 2, 2019 · 1 comment
Closed
2 tasks done

High and Moderate Vulnerabilities #480

mationai opened this issue Mar 2, 2019 · 1 comment
Milestone
v3

Comments

@mationai
Copy link

mationai commented Mar 2, 2019
edited
Loading

  • node version: 8.15
  • npm version: 6.4.1
  • npm-check-updates version: 2.15

npm audit reports:
High vulnerabilities from this repo via:
tough-cookie - fixed in: salesforce/tough-cookie#92
sshpk - fixed in: TritonDataCenter/node-sshpk#49

Moderate vulnerabilities:
tunnel-agent - open issue: request/tunnel-agent#41
hoek - fixed in: hapijs/hoek#230 and tracked in this repo since April'18 in this repo #432
brace-expansion - fixed in: juliangruber/brace-expansion#33
stringstream - mhart/StringStream#12

Low:
debug - fixed in: debug-js/debug#570

With 6 out of 7 vulnerabilities fixed, the only question is if chain of packages from those to this repo have already pulled in the fixes. Can maintainers please take a look at this? This is pretty important since 6 of these are High and Moderate vulnerabilities.
@raineorshine
Copy link
Owner

Thanks! Packages will be updated in the upcoming v3 release. Development has been delayed due to there not being any active contributors.

@raineorshine raineorshine added this to the 3.0.0 milestone Mar 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3
Development

No branches or pull requests
2 participants
@mationai @raineorshine