Fix vulnerabilities #1

Open
1 task
Matthiee opened this issue Jul 29, 2018 · 0 comments
Labels: help wanted (Extra attention is needed); Vulnerability (Vulnerabilities in the project or dependencies)

Matthiee commented Jul 29, 2018

We need to fix the vulnerabilities in this project.

PS D:\Source\Repos\RecipesNg6> npm audit

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Moderate        Prototype pollution

  Package         hoek

  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3

  Dependency of   karma [dev]

  Path            karma > log4js > loggly > request > hawk > boom > hoek

  More info       https://nodesecurity.io/advisories/566


  Moderate        Prototype pollution

  Package         hoek

  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3

  Dependency of   karma [dev]

  Path            karma > log4js > loggly > request > hawk > cryptiles > boom
                  > hoek

  More info       https://nodesecurity.io/advisories/566


  Moderate        Prototype pollution

  Package         hoek

  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3

  Dependency of   karma [dev]

  Path            karma > log4js > loggly > request > hawk > hoek

  More info       https://nodesecurity.io/advisories/566


  Moderate        Prototype pollution

  Package         hoek

  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3

  Dependency of   karma [dev]

  Path            karma > log4js > loggly > request > hawk > sntp > hoek

  More info       https://nodesecurity.io/advisories/566


  Moderate        Memory Exposure

  Package         tunnel-agent

  Patched in      >=0.6.0

  Dependency of   karma [dev]

  Path            karma > log4js > loggly > request > tunnel-agent

  More info       https://nodesecurity.io/advisories/598


  Low             Regular Expression Denial of Service

  Package         timespan

  Patched in      No patch available

  Dependency of   karma [dev]

  Path            karma > log4js > loggly > timespan

  More info       https://nodesecurity.io/advisories/533

found 6 vulnerabilities (1 low, 5 moderate) in 25660 scanned packages
  6 vulnerabilities require manual review. See the full report for details.

Here is a list with all projects that we need to track in order to fix those vulnerabilities.

Matthiee added the "help wanted" and "Vulnerability" labels Jul 29, 2018