
Fix vulnerabilities #172

Merged
merged 2 commits into from Sep 3, 2020

Conversation

jannyHou (Contributor) commented Sep 2, 2020

Signed-off-by: jannyHou <juehou@ca.ibm.com>

1st commit: Fix the root level vulnerabilities

  • npm audit passes
jannyHous-MBP:strong-globalize jannyhou$ npm audit
                                                                                
                       === npm audit security report ===                        
                                                                                
found 0 vulnerabilities
 in 1041 scanned packages
  • snyk test also passes
jannyHous-MBP:strong-globalize jannyhou$ snyk test

Testing /Users/jannyhou/Desktop/August/strong-globalize...

Organization:      jannyhou
Package manager:   npm
Target file:       package-lock.json
Project name:      strong-globalize
Open source:       no
Project path:      /Users/jannyhou/Desktop/August/strong-globalize
Licenses:          enabled

✓ Tested /Users/jannyhou/Desktop/August/strong-globalize for known issues, no vulnerable paths found.

Tip: Detected multiple supported manifests (5), use --all-projects to scan all of them at once.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

2nd commit: Fix the cli vulnerability caused by https://github.com/strongloop-internal/scrum-apex/issues/445

jannyHous-MBP:cli jannyhou$ npm audit fix
updated 1 package in 2.5s
fixed 1 of 2 vulnerabilities in 571 scanned packages
  1 vulnerability required manual review and could not be updated
jannyHous-MBP:cli jannyhou$ npm audit
                                                                                
                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ optimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ optimist > minimist                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 571 scanned packages
  1 vulnerability requires manual review. See the full report for details.

The other one will be fixed in https://github.com/strongloop-internal/scrum-apex/issues/446

Signed-off-by: jannyHou <juehou@ca.ibm.com>
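The manual-review item in the audit output above is a transitive install of minimist (via optimist) whose version is outside the advisory's "Patched in" range, which is why `npm audit fix` could not resolve it. The following is an added Python example, not code from this PR or from strong-globalize, that walks an npm v1 package-lock.json, lists every install path to a package, and checks each installed version against a range written the way the report prints it; the lockfile contents are constructed for illustration.

```python
# Added example (not part of the PR): walk an npm v1 package-lock.json and
# report, for one package, each dependency path and whether the installed
# version satisfies the advisory's "Patched in" range.
import json
import re

# Constructed sample lockfile: shape follows the npm v1 lockfile format,
# versions are illustrative and not taken from the project's real lockfile.
SAMPLE_LOCK = json.loads("""{
  "name": "cli", "lockfileVersion": 1,
  "dependencies": {
    "optimist": {"version": "0.6.1",
                 "dependencies": {"minimist": {"version": "0.0.10"}}},
    "minimist": {"version": "1.2.5"}
  }
}""")

def parse_version(v):
    """'1.2.3' -> (1, 2, 3); pads to three parts, ignores pre-release tags."""
    parts = [int(x) for x in re.match(r"\d+(?:\.\d+)*", v).group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

_OPS = {">=": lambda a, b: a >= b, ">": lambda a, b: a > b,
        "<=": lambda a, b: a <= b, "<": lambda a, b: a < b, "=": lambda a, b: a == b}

def satisfies(version, range_expr):
    """Evaluate a range like '>=0.2.1 <1.0.0 || >=1.2.3' (OR of AND-groups)."""
    v = parse_version(version)
    for group in range_expr.split("||"):
        if not group.strip():
            continue  # tolerate a stray '||'
        ok = all(_OPS[op or "="](v, parse_version(ver))
                 for op, ver in re.findall(r"(>=|<=|>|<|=)?\s*(\d+(?:\.\d+)*)", group))
        if ok:
            return True
    return False

def find_paths(node, package, prefix=()):
    """Yield (path, version) for every occurrence of `package` in the tree."""
    for name, meta in node.get("dependencies", {}).items():
        path = prefix + (name,)
        if name == package:
            yield path, meta["version"]
        yield from find_paths(meta, package, path)  # nested (de-duplicated) deps

def audit(lock, package, patched):
    """Return [(path_str, version, is_patched)] for every install of `package`."""
    return [(" > ".join(p), v, satisfies(v, patched)) for p, v in find_paths(lock, package)]

if __name__ == "__main__":
    for path, ver, fixed in audit(SAMPLE_LOCK, "minimist", ">=0.2.1 <1.0.0 || >=1.2.3"):
        print(f"{path}: {ver} {'patched' if fixed else 'VULNERABLE'}")
```

Against the sample lockfile this reports `optimist > minimist` at 0.0.10 as vulnerable and the top-level minimist 1.2.5 as patched, matching the path the audit report singles out for manual review.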
jannyHou merged commit 48e4faf into master Sep 3, 2020
delete-merged-branch bot deleted the update/dep branch September 3, 2020 13:23