Security vulnerability in a dependency of serverless
There is currently a failure when we run npm audit on a project that has serverless as a dependency. There is currently no fix for this other than to ignore the vulnerability, as the author of the original project where the vulnerability occurs has probably abandoned it (kevva/decompress#71).
What did you do?
I ran npm audit on a project which has serverless as a dependency.
What happened?
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Write │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ decompress │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ serverless [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ serverless > decompress │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1217 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Arbitrary File Write │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ decompress │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ serverless [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ serverless > download > decompress │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1217 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 high severity vulnerabilities in 4399 scanned packages
2 vulnerabilities require manual review. See the full report for details.
What should've happened?
No audit errors.
What's the content of your serverless.yml file?
NA.
What's the output you get when you use the SLS_DEBUG=* environment variable (e.g. SLS_DEBUG=* serverless deploy)
NA