Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

found 2 moderate severity vulnerabilities #4

Closed
peterennis opened this issue Oct 6, 2018 · 0 comments · Fixed by #8
Closed

found 2 moderate severity vulnerabilities #4

peterennis opened this issue Oct 6, 2018 · 0 comments · Fixed by #8

Comments

@peterennis
Copy link

Stencil version: (run npm list @stencil/core from a terminal/cmd prompt and paste output below):

C:\ae\aedev\ionic-pwa-elements>npm list @stencil/core
@ionic/pwa-elements@1.0.0 C:\ae\aedev\ionic-pwa-elements
`-- @stencil/core@0.13.2

I'm submitting a ... (check one with "x")
[x] bug report
[ ] feature request
[ ] support request => Please do not submit support requests here, use one of these channels: https://forum.ionicframework.com/ or https://stencil-worldwide.slack.com

Current behavior:

Build and get security warnings.

Expected behavior:

Build and get NO security warnings.

Steps to reproduce:

Related code:

C:\ae\aedev\ionic-pwa-elements>npm i
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@1.2.4 (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.2.4: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

added 402 packages from 372 contributors and audited 3075 packages in 22.847s
found 2 moderate severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details

C:\ae\aedev\ionic-pwa-elements>npm audit

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Moderate        Regular Expression Denial of Service

  Package         semver

  Patched in      >=4.3.2

  Dependency of   @stencil/core

  Path            @stencil/core > rollup-plugin-node-builtins > browserify-fs
                  > levelup > semver

  More info       https://nodesecurity.io/advisories/31


  Moderate        Memory Exposure

  Package         bl

  Patched in      >=0.9.5 <1.0.0 || >=1.0.1

  Dependency of   @stencil/core

  Path            @stencil/core > rollup-plugin-node-builtins > browserify-fs
                  > levelup > bl

  More info       https://nodesecurity.io/advisories/596

found 2 moderate severity vulnerabilities in 3075 scanned packages
  2 vulnerabilities require manual review. See the full report for details.

C:\ae\aedev\ionic-pwa-elements>

Other information:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update dependencies
1 participant
@peterennis