Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

handlebars security vulnerability - npm won't install #8708

Closed
birdsarah opened this issue Mar 4, 2019 · 0 comments · Fixed by #8709
Closed

handlebars security vulnerability - npm won't install #8708

birdsarah opened this issue Mar 4, 2019 · 0 comments · Fixed by #8709
Labels
reso: completed tag: component: bokehjs tag: component: build type: task
Milestone
1.1

Comments

@birdsarah
Copy link
Member

On running npm install --no-save

I get the response

> bokehjs@1.1.0-dev8 prepare /home/bird/Dev/bokeh/bokeh/bokehjs
> node ./prepare.js

audited 738 packages in 1.96s
found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details

Results of npm audit

                                                                    
                       === npm audit security report ===                        
                                                                                
# Run  npm update handlebars --depth 2  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ handlebars                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ istanbul [dev]                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ istanbul > handlebars                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/755                             │
└───────────────┴──────────────────────────────────────────────────────────────┘


found 1 high severity vulnerability in 738 scanned packages
  run `npm audit fix` to fix 1 of them.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
reso: completed tag: component: bokehjs tag: component: build type: task
Projects
None yet
Milestone
1.1
Development

Successfully merging a pull request may close this issue.

After running npm audit fix bokeh/bokeh
3 participants
@mattpap @bryevdv @birdsarah