Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npm audit: Memory Exposure. #308

Closed
samcarecho opened this issue May 8, 2018 · 5 comments · Fixed by #315
Closed

npm audit: Memory Exposure. #308

samcarecho opened this issue May 8, 2018 · 5 comments · Fixed by #315

Comments

@samcarecho
Copy link

NPM audit is complaining about several moderate level vulnerabilities in a dependency required by gulp-imagemin.

│ moderate │ Memory Exposure
│ Package │ tunnel-agent
│ Dependency of │ gulp-imagemin
│ Path │ gulp-imagemin > imagemin-gifsicle > gifsicle > bin-build > download > caw > tunnel-agent
│ More info │ https://nodesecurity.io/advisories/598

│ moderate │ Memory Exposure
│ Package │ tunnel-agent
│ Dependency of │ gulp-imagemin
│ Path │ gulp-imagemin > imagemin-gifsicle > gifsicle > bin-wrapper > download > caw > tunnel-agent
│ More info │ https://nodesecurity.io/advisories/598

│ moderate │ Memory Exposure
│ Package │ tunnel-agent
│ Dependency of │ gulp-imagemin
│ Path │ gulp-imagemin > imagemin-jpegtran > jpegtran-bin > bin-build > download > caw > tunnel-agent
│ More info │ https://nodesecurity.io/advisories/598

│ moderate │ Memory Exposure
│ Package │ tunnel-agent
│ Dependency of │ gulp-imagemin
│ Path │ gulp-imagemin > imagemin-jpegtran > jpegtran-bin > bin-wrapper > download > caw > tunnel-agent
│ More info │ https://nodesecurity.io/advisories/598

│ moderate │ Memory Exposure
│ Package │ tunnel-agent
│ Dependency of │ gulp-imagemin
│ Path │ gulp-imagemin > imagemin-optipng > optipng-bin > bin-build > download > caw > tunnel-agent
│ More info │ https://nodesecurity.io/advisories/598

│ moderate │ Memory Exposure
│ Package │ tunnel-agent
│ Dependency of │ gulp-imagemin
│ Path │ gulp-imagemin > imagemin-optipng > optipng-bin > bin-wrapper > download > caw > tunnel-agent
│ More info │ https://nodesecurity.io/advisories/598

@ionceban
Copy link

Hi, any news here?

@Jamesking56
Copy link

Last commit was February, I think this repo is dead.

@Jikstra
Copy link

Jikstra commented Sep 12, 2018

@sindresorhus is still active on github, maybe he can update the dependency or at least merge a pr which fixes this?

@gustawdaniel
Copy link

@sindresorhus can you update dependencies?

@anselmbradford
Copy link

These dependencies have been updated, so hopefully soon here too!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants