'npm audit' outputs warnings if you are running versions of node modules with known security problems. These are not necessarily exploitable in the context of Matomo but it's still nice to tidy them up.
On current 4.x-dev I get the following.
```
# npm audit report
Cross-Site Scripting - https://npmjs.com/advisories/1518
Cross-Site Scripting (XSS) - https://npmjs.com/advisories/328
Prototype Pollution - https://npmjs.com/advisories/796
fix available via `npm audit fix --force`
Will install firstname.lastname@example.org, which is a breaking change
Cross-Site Scripting - https://npmjs.com/advisories/817
No fix available
2 vulnerabilities (1 moderate, 1 high)
```
'npm audit' should give Matomo a clean bill of health.
I'm not sure if the materialize-css issues are affecting Matomo (I don't think so), but I guess there is also not much that can be done apart from waiting for the fork to become stable (unless again someone can reproduce a specific security issue affecting Matomo) #16368
I would be quite surprised if any of these vulnerabilities were exploitable within Matomo (although it's not impossible). Checking for vulnerable node dependencies is just a code hygiene task I do every so often :)
Reading the issue you linked it sounds like the jquery upgrade is already well under way.