Current NPM Version 1.1.3 has a high risk vulnerability #21

rbdodds-tango · 2020-03-10T16:32:59Z

Please remove the reportportal-client-restler dependency as it leverages a project that has been dead for 5 years and has security risks.

Dependency of -> agent-js-cypress
Path -> agent-js-cypress > reportportal-client-restler > restler > qs
More info -> https://npmjs.com/advisories/1469

├─┬ agent-js-cypress@1.1.3
│ └─┬ reportportal-client-restler@1.0.0
│ └─┬ restler@3.4.0
│ └── qs@1.2.0

The text was updated successfully, but these errors were encountered:

DiscoElevator · 2020-03-17T14:30:02Z

Hello, @rbdodds-tango
Thanks for raising this issue. Next release for support RP v5 will have updated dependencies. You can see them in the master branch: package.json
Please reopen if you have any questions or concerns.

rbdodds-tango changed the title ~~Version 1.1.3 Introduces high risk vulnerability~~ Version 1.1.13 Introduces high risk vulnerability Mar 10, 2020

rbdodds-tango changed the title ~~Version 1.1.13 Introduces high risk vulnerability~~ Current NPM Version 1.1.3 has a high risk vulnerability Mar 10, 2020

DzmitryHumianiuk assigned DiscoElevator and AmsterGet Mar 17, 2020

DzmitryHumianiuk added the dependencies Pull requests that update a dependency file label Mar 17, 2020

DiscoElevator closed this as completed Mar 17, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Current NPM Version 1.1.3 has a high risk vulnerability #21

Current NPM Version 1.1.3 has a high risk vulnerability #21

rbdodds-tango commented Mar 10, 2020

DiscoElevator commented Mar 17, 2020

Current NPM Version 1.1.3 has a high risk vulnerability #21

Current NPM Version 1.1.3 has a high risk vulnerability #21

Comments

rbdodds-tango commented Mar 10, 2020

DiscoElevator commented Mar 17, 2020