some packages are shown as security issues #109

Closed
chiptus opened this issue Nov 4, 2019 · 2 comments · Fixed by #111

chiptus commented Nov 4, 2019

When running npm install, there are three deps that are giving security issues:
handlebars is fixed with npm audit fix (I'll make a PR), but the other two are showing:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ semver                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=4.3.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ kcd-scripts [dev]                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ kcd-scripts > rollup-plugin-node-builtins > browserify-fs >  │
│               │ levelup > semver                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/31                              │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ bl                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.9.5 <1.0.0 || >=1.0.1                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ kcd-scripts [dev]                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ kcd-scripts > rollup-plugin-node-builtins > browserify-fs >  │
│               │ levelup > bl                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/596                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

chiptus added the bug label Nov 4, 2019
afontcu removed the bug label Nov 4, 2019


afontcu commented Nov 4, 2019

These two dependencies are coming from kcd-scripts, I guess Kent would be very happy to find a PR updating them 😄

thanks!

afontcu commented Mar 4, 2020

🎉 This issue has been resolved in version 4.2.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
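
Added example, not part of the original thread or the project's code: a small Node.js parser for the npm audit tables quoted in the opening post, grouping findings by the dependency chain that pulls them in, which is how the reply's conclusion that both come from kcd-scripts can be checked. The sample input is constructed from the report above, and the names `REPORT`, `parseAudit` and `triage` are hypothetical.

```javascript
// Constructed sample: the two tables from the report above with the inner
// separator rows, "More info" rows and padding trimmed.
const REPORT = `
┌───────────────┬─────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service        │
│ Package       │ semver                                      │
│ Patched in    │ >=4.3.2                                     │
│ Dependency of │ kcd-scripts [dev]                           │
│ Path          │ kcd-scripts > rollup-plugin-node-builtins > browserify-fs > │
│               │ levelup > semver                            │
┌───────────────┬─────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                             │
│ Package       │ bl                                          │
│ Patched in    │ >=0.9.5 <1.0.0 || >=1.0.1                   │
│ Dependency of │ kcd-scripts [dev]                           │
│ Path          │ kcd-scripts > rollup-plugin-node-builtins > browserify-fs > │
│               │ levelup > bl                                │
`;

// Turn each table into { Severity, Title, Package, 'Patched in', ... }.
function parseAudit(text) {
  const advisories = [];
  let cur = null, last = null;
  for (const line of text.split('\n')) {
    if (line.startsWith('┌')) { advisories.push(cur = {}); last = null; continue; }
    if (!cur || !line.startsWith('│')) continue; // separator rows, blank lines
    const [, key, value] = line.split('│').map((c) => c.trim());
    if (key === '' && last) cur[last] += ' ' + value; // wrapped cell (long Path)
    else if (!last) { cur.Severity = key; cur.Title = value; last = 'Title'; }
    else { cur[key] = value; last = key; }
  }
  return advisories;
}

// Group findings by the chain of packages above the vulnerable one, so
// advisories pulled in by the same parent are triaged together.
function triage(advisories) {
  const groups = new Map();
  for (const a of advisories) {
    const via = a.Path.split('>').map((s) => s.trim()).slice(0, -1).join(' > ');
    const g = groups.get(via) || { via, devOnly: true, packages: [] };
    g.devOnly = g.devOnly && a['Dependency of'].endsWith('[dev]');
    g.packages.push(a.Package);
    groups.set(via, g);
  }
  return [...groups.values()];
}

console.log(JSON.stringify(triage(parseAudit(REPORT)), null, 2));
```

Both advisories land in a single group whose chain starts at kcd-scripts and is marked dev-only, matching the "Dependency of" rows in the report.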
