Skip to content
This repository was archived by the owner on Sep 8, 2021. It is now read-only.

Security Issues from Yarn Audit #17

Open
ryanjwilke opened this issue Mar 25, 2020 · 0 comments
Open

Security Issues from Yarn Audit #17

ryanjwilke opened this issue Mar 25, 2020 · 0 comments

Comments

@ryanjwilke
Copy link

It would appear that this plugin has some audit issues that need to be addressed:

yarn audit v1.22.0
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ vue-cli-plugin-netlify-lambda                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ vue-cli-plugin-netlify-lambda > jest > jest-cli >            │
│               │ istanbul-api > istanbul-reports > handlebars > optimist >    │
│               │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1179                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Arbitrary File Write                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ decompress                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ vue-cli-plugin-netlify-lambda                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ vue-cli-plugin-netlify-lambda > @vue/cli > download-git-repo │
│               │ > download > decompress                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1217                        │
└───────────────┴──────────────────────────────────────────────────────────────┘

This is causing some issues for me as yarn audit is built into my CI/CD process.
@ryanjwilke ryanjwilke changed the title Yarn Audit Security Issues outlined by Yarn Audit Mar 25, 2020
@ryanjwilke ryanjwilke changed the title Security Issues outlined by Yarn Audit Security Issues from Yarn Audit Mar 25, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ryanjwilke