Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Low severity vulnerability upon npm install #132

Closed
tobiaslohr opened this issue Apr 6, 2020 · 0 comments · Fixed by #133
Closed

Low severity vulnerability upon npm install #132

tobiaslohr opened this issue Apr 6, 2020 · 0 comments · Fixed by #133
Assignees
@tobiaslohr
Labels
bug Something isn't working
Milestone
2.5.0

Comments

@tobiaslohr
Copy link
Contributor 

$ npm install
$ npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm notice created a lockfile as package-lock.json. You should commit this file.
added 318 packages from 1070 contributors and audited 685 packages in 8.413s

7 packages are looking for funding
  run `npm fund` for details

found 1 low severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details
➜  master git:(master) npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ mocha [dev]                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ mocha > mkdirp > minimist                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 685 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Suggestion to move to latest-6 release of mocha (v6.2.3)
@tobiaslohr tobiaslohr added this to the 2.5.0 milestone Apr 6, 2020
@tobiaslohr tobiaslohr self-assigned this Apr 6, 2020
tobiaslohr added a commit to tobiaslohr/sfcc-ci that referenced this issue Apr 6, 2020
@tobiaslohr
SalesforceCommerceCloud#132 fix prototype polution vulnerability by u…
478f08c 
…pgrading mocha
@tobiaslohr tobiaslohr mentioned this issue Apr 6, 2020
Merged
@tobiaslohr tobiaslohr added the bug Something isn't working label Apr 7, 2020
@cc-prodsec cc-prodsec mentioned this issue Jun 23, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tobiaslohr tobiaslohr

Labels
bug Something isn't working
Projects
None yet
Milestone
2.5.0
Development

Successfully merging a pull request may close this issue.

upgrading mocha tobiaslohr/sfcc-ci
1 participant
@tobiaslohr