Vulnerable JavaScript dependencies reported by GitHub Enterprise #90

Closed
nmeachen opened this issue Dec 8, 2020 · 3 comments

@nmeachen
Contributor

nmeachen commented Dec 8, 2020

Vulnerabilities that need to be addressed before production deployment.

Vulnerabilities reported in frontend/package-lock.json
kind-of - Known security vulnerability in 3.2.2 https://nvd.nist.gov/vuln/detail/CVE-2019-20149
object-path - Known security vulnerability in 0.11.4 https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w

Vulnerabilities reported in frontend/yarn.lock
acorn - Known security vulnerability in 6.1.1 https://github.com/acornjs/acorn/issues/929
dot-prop - Known security vulnerability in 4.2.0 https://nvd.nist.gov/vuln/detail/CVE-2020-8116
elliptic - Known security vulnerability in 6.4.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13822
handlebars - Known security vulnerability in 4.1.2 https://nvd.nist.gov/vuln/detail/CVE-2019-19919
http-proxy - Known security vulnerability in 1.17.0 https://github.com/http-party/node-http-proxy/pull/1447/files
kind-of - Known security vulnerability in 6.0.2 https://nvd.nist.gov/vuln/detail/CVE-2019-20149
lodash - Known security vulnerability in 4.17.11 https://nvd.nist.gov/vuln/detail/CVE-2020-8203
minimist - Known security vulnerability in 0.0.10 https://nvd.nist.gov/vuln/detail/CVE-2020-7598
node-forge - Known security vulnerability in 0.7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7720
serialize-javascript - Known security vulnerability in 1.7.0 https://nvd.nist.gov/vuln/detail/CVE-2020-7660
websocket-extensions - Known security vulnerability in 0.1.3 https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv
yargs-parser - Known security vulnerability in 11.1.1 https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2

nbashyam pushed a commit that referenced this issue Dec 9, 2020
@nbashyam
Collaborator

Updated the baseline with the required fixes.

@nmeachen
Contributor Author

nmeachen commented Dec 11, 2020

Vulnerabilities still outstanding.

Vulnerabilities reported in frontend/package-lock.json
ini - Known security vulnerability in 1.3.5 https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
object-path - Known security vulnerability in 0.11.4 https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w

@nmeachen nmeachen reopened this Dec 11, 2020
@nmeachen
Contributor Author

Issues appear to have been addressed.

AnanthaKrishnaV pushed a commit that referenced this issue Jan 15, 2021
Fix for wiremock server issue