npm audit result #434

Closed
noelbranz opened this issue Oct 20, 2019 · 1 comment · Fixed by #436
@noelbranz

In order to efficiently and accurately address your issue or feature request, please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. Please delete any sections or questions below that do not pertain to this request.

For general support or usage questions, please use the Auth0 Community or Auth0 Support.

Description

Description of the bug or feature request and why it's a problem. Consider including:

  • The use case or overall problem you're trying to solve
  • Information about when the problem started

Prerequisites

[ ] I have checked the documentation for this library.

[ ] I have checked the Auth0 Community for related posts.

[ ] I have checked for related or duplicate Issues and PRs.

[ ] I have read the Auth0 general contribution guidelines.

[ ] I have read the Auth0 Code of Conduct.

Environment

Please provide the following:

  • Version of the node-auth0 used: 2.20.0
  • Version of Node.js used: Node 10
  • Additional modules used that might be affecting your instance:

Reproduction

High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of auth0
Path auth0 > rest-facade > superagent-proxy > proxy-agent > https-proxy-agent
More info https://npmjs.com/advisories/1184

High Machine-In-The-Middle
Package https-proxy-agent
Patched in >=3.0.0
Dependency of auth0
Path auth0 > rest-facade > superagent-proxy > proxy-agent > pac-proxy-agent > https-proxy-agent
More info https://npmjs.com/advisories/1184

found 2 high severity vulnerabilities in 2882 scanned packages
2 vulnerabilities require manual review. See the full report for details.

@joshcanhelp joshcanhelp self-assigned this Oct 21, 2019
@joshcanhelp
Contributor

@noelbranz - Thank you for the heads-up here. The vulnerability comes from pretty far down the dependency chain. It looks like this is the fix that's been merged:

TooTallNate/node-pac-proxy-agent#22

... we're just waiting on a release there and then up the chain:

rest-facade > superagent-proxy > proxy-agent > pac-proxy-agent > https-proxy-agent
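
Added example, not part of the original thread or of the node-auth0 code base: one way to confirm which dependency paths in a lockfile still resolve to an unpatched `https-proxy-agent` while waiting for releases up the chain. It assumes the npm lockfile v1 layout (nested `dependencies` plus `requires`) and plain `x.y.z` versions; `findPaths`, `isUnpatched` and `sampleLock` are hypothetical names, and every version in the sample except auth0's is constructed.

```javascript
// Added example: list every dependency path that resolves to an unpatched
// package in an npm lockfile (v1 layout: nested `dependencies` plus `requires`).

// Assumption: plain x.y.z versions. The audit output above says ">=3.0.0" is patched.
const isUnpatched = (version) => parseInt(version.split('.')[0], 10) < 3;

function findPaths(lock, start, target, isBad = isUnpatched) {
  const hits = [];
  // Resolve a name the way Node does: innermost node_modules scope first, then outwards.
  const resolve = (name, scopes) => {
    for (let i = scopes.length - 1; i >= 0; i--) {
      if (scopes[i][name]) return { node: scopes[i][name], scopes: scopes.slice(0, i + 1) };
    }
    return null;
  };
  const walk = (name, scopes, trail) => {
    const found = resolve(name, scopes);
    if (!found || trail.includes(name)) return; // uninstalled optional dep, or a cycle
    const path = [...trail, name];
    if (name === target && isBad(found.node.version)) {
      hits.push({ path: path.join(' > '), version: found.node.version });
    }
    // Packages nested under this one shadow hoisted copies for its own requires.
    const inner = found.node.dependencies
      ? [...found.scopes, found.node.dependencies]
      : found.scopes;
    for (const dep of Object.keys(found.node.requires || {})) walk(dep, inner, path);
  };
  walk(start, [lock.dependencies || {}], []);
  return hits;
}

// Constructed lockfile fragment: all versions except auth0's are made up for the demo.
const sampleLock = { dependencies: {
  'auth0': { version: '2.20.0', requires: { 'rest-facade': '*' } },
  'rest-facade': { version: '1.0.0', requires: { 'superagent-proxy': '*' } },
  'superagent-proxy': { version: '1.0.0', requires: { 'proxy-agent': '*' } },
  'proxy-agent': { version: '1.0.0',
    requires: { 'https-proxy-agent': '*', 'pac-proxy-agent': '*' } },
  'https-proxy-agent': { version: '2.2.2' },
  'pac-proxy-agent': { version: '1.0.0', requires: { 'https-proxy-agent': '*' },
    dependencies: { 'https-proxy-agent': { version: '2.2.0' } } },
} };

for (const hit of findPaths(sampleLock, 'auth0', 'https-proxy-agent')) {
  console.log(`${hit.path} (${hit.version})`);
}
```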
