Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security vulnerabilities in report app dependencies #407

Closed
tkaik opened this issue Oct 19, 2018 · 1 comment · Fixed by #470
Closed

Security vulnerabilities in report app dependencies #407

tkaik opened this issue Oct 19, 2018 · 1 comment · Fixed by #470
Assignees
@wblachowski
Labels
bug help wanted Hey, contributor! We need your help.

Comments

@tkaik
Copy link
Contributor

tkaik commented Oct 19, 2018

Version used

  • AET 3.0.1

Context of the issue/feature

After migration to gulp (see #299, #321) GitHub reports security vulnerabilities in report app dependencies - see details here: https://github.com/Cognifide/aet/network/alerts. Please fix them - possibly bower needs to be replaced with some other tool.

2018-10-19_13h43_46
@malaskowski malaskowski added bug help wanted Hey, contributor! We need your help. labels Oct 23, 2018
@fbatk fbatk self-assigned this Nov 14, 2018
@fbatk
Copy link
Contributor

fbatk commented Nov 21, 2018
edited
Loading

Investigation showed that most of the troublesome dependencies indeed come from bower. Even if we bump-up those dependencies explicitly in package.json, they will still be included in older versions, as that's what bower requires and lists as explicit dependencies. In summary, it seems replacing bower with a different tool is the only way to go.

@fbatk fbatk removed their assignment Nov 21, 2018
@wblachowski wblachowski self-assigned this Jan 22, 2019
@wblachowski wblachowski mentioned this issue Jan 25, 2019
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wblachowski wblachowski

Labels
bug help wanted Hey, contributor! We need your help.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bugfix/security vulnerabilities wblachowski/aet
4 participants
@tkaik @malaskowski @wblachowski @fbatk