Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): Updates to address nsp advisory 1179
1 parent ee86c4d, commit a5649db
Showing 17 changed files with 47 additions and 7 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,6 @@ | ||
{ | ||
"exceptions": [] | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint. Doesn't affect us, as we don't pass untrusted external inputs to eslint.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179" | ||
] | ||
} |
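Review bot: The new entry "https://npmjs.com/advisories/1179" in "exceptions" carries no removal condition, so the advisory stays suppressed even once a fixed minimist can be pulled in through eslint. Extend "comment_1179" with the upgrade that would let the exception be dropped, or link a tracking issue for it, so the entry does not become permanent by default.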
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,14 @@ | ||
{ | ||
"comment": "532, 534, 545 are various ReDoS that don't affect us.", | ||
"comment_566": "Hoek merge vuln, which we don't use.", | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint, optimist, and mocha. Doesn't affect us, as we don't pass untrusted external inputs to any of these.", | ||
"comment_1488": "Acorn DoS vuln (dep of browserify), only applies if passed untrusted user input.", | ||
"exceptions": [ | ||
"https://nodesecurity.io/advisories/532", | ||
"https://nodesecurity.io/advisories/534", | ||
"https://nodesecurity.io/advisories/535", | ||
"https://nodesecurity.io/advisories/566", | ||
"https://npmjs.com/advisories/1179", | ||
"https://npmjs.com/advisories/1488" | ||
] | ||
} |
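Review bot: The "comment" line names advisories 532, 534 and 545, but the "exceptions" array lists 532, 534 and 535, so either the justification or the suppressed advisory is wrong for one entry. Since this file is being touched anyway, reconcile the two so every suppressed URL has a matching rationale. The array also mixes nodesecurity.io and npmjs.com hosts; if the audit tool matches on the full URL, confirm the older nodesecurity.io entries still take effect.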
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,6 @@ | ||
{ | ||
"exceptions": [] | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint. Doesn't affect us, as we don't pass untrusted external inputs to eslint.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179" | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,6 @@ | ||
{ | ||
"comment_1179": "1179 is prototype pollution in minimist, used by tslint, ts-node-dev, mocha, knex. Doesn't affect us, as we don't pass untrusted external inputs to these libraries.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179" | ||
] | ||
} |
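Review bot: In "comment_1179", knex is grouped with tslint, ts-node-dev and mocha, but knex is normally a runtime dependency rather than a lint or test tool, so "we don't pass untrusted external inputs to these libraries" needs more support for it than for the others. State which part of knex reaches minimist (for example, only its command-line entry point) and that the service never invokes that path, or split knex out with its own justification.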
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,6 @@ | ||
{ | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint, mocha. Doesn't affect us, as we don't pass untrusted external inputs to those libraries.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179" | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,10 @@ | ||
{ | ||
"comment_766": "766 is sandbox breakout in sandbox.", | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint, mocha, handlebars. Shouldn't affect us, as we don't pass untrusted external inputs to those libraries, but see https://github.com/mozilla/fxa/issues/4592 to investigate whether handlebars might have a vulnerability.", | ||
"comment_1488": "Denial of Service vulnerability in acorn. Doesn't affect us, as it's only used by i18n libraries.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/766", | ||
"https://npmjs.com/advisories/1179", | ||
"https://npmjs.com/advisories/1488" | ||
] | ||
} |
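Review bot: "comment_1179" says the advisory "Shouldn't affect us" and defers to https://github.com/mozilla/fxa/issues/4592 for the handlebars question, yet the exception is added unconditionally, which silences the audit before that investigation has an answer. Either resolve the handlebars path first, or record in the comment that the exception is provisional and must be revisited when issue 4592 closes, so an open question is not recorded as an accepted risk.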
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,8 @@ | ||
{ | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint, restify, bunyan. Doesn't affect us, as we don't pass untrusted external inputs to the customs server.", | ||
"comment_1464": "Exception added for insufficient entropy error in 'cryptiles' in hapi 17 (cryptiles 3.x), fixed in hapi 18 (@hapi/cryptiles 4.1.2). See https://github.com/mozilla/fxa/issues/4035", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179", | ||
"https://npmjs.com/advisories/1464" | ||
] | ||
} |
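Review bot: The rationale in "comment_1179" is that untrusted inputs are not passed "to the customs server", which is a claim about the service as a whole rather than about how minimist is reached through eslint, restify and bunyan. restify is an HTTP server framework, so the comment should say which code path in restify and bunyan uses minimist and why request data cannot reach it. As written, the justification cannot be checked against the advisory.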
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,6 @@ | ||
{ | ||
"exceptions": [] | ||
"comment_1179": "1179 is prototype pollution in minimist, used by foxfire. Doesn't affect us, as we don't pass untrusted external inputs to foxfire.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179" | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,6 @@ | ||
{ | ||
"exceptions": [] | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint and mocha. Doesn't affect us, as we don't pass untrusted external inputs to those libraries.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179" | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,6 @@ | ||
{ | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint, mocha. Doesn't affect us, as we don't pass untrusted external inputs to those libraries.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179" | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,6 @@ | ||
{ | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint, mocha. Doesn't affect us, as we don't pass untrusted external inputs to those libraries.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179" | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,8 @@ | ||
{ | ||
"exception_1488": "1488 is a DoS against acorn (via webpack), which only applies if untrusted user content is passed in.", | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint, grunt, webpack. Doesn't affect us, as we don't pass untrusted external inputs to those libraries.", | ||
"comment_1488": "1488 is a DoS against acorn (via webpack), which only applies if untrusted user content is passed in.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179", | ||
"https://npmjs.com/advisories/1488" | ||
] | ||
} |
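Review bot: The key "exception_1488" is renamed to "comment_1488" here with identical text, a change the commit message, which only mentions advisory 1179, does not cover. The rename brings the key in line with "comment_1179", which is good, but mention it in the commit message and confirm nothing reads the old key name. Separately, webpack and grunt process project source at build time, so the "untrusted external inputs" claim for them depends on the build only consuming in-repo content; say so in the comment.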
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,6 @@ | ||
{ | ||
"exceptions": [] | ||
"comment_1179": "1179 is prototype pollution in minimist, used by eslint, tslint, mocha. Doesn't affect us, as we don't pass untrusted external inputs to these libraries.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179" | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,6 @@ | ||
{ | ||
"exceptions": [] | ||
"comment_1179": "1179 is prototype pollution in minimist, used by tslint, mocha, handlebars. Doesn't affect us, as this library is only used by support agents, so untrusted external inputs aren't passed to handlebars.", | ||
"exceptions": [ | ||
"https://npmjs.com/advisories/1179" | ||
] | ||
} |
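Review bot: In "comment_1179", "only used by support agents" describes who operates the tool, not what data handlebars renders, so it does not by itself establish that no untrusted input reaches handlebars. If the templates display account fields that end users control, that data is external input regardless of who views the page. Reword the justification in terms of the data flowing into handlebars, and reference https://github.com/mozilla/fxa/issues/4592 here as the other handlebars exception in this commit does.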