-
Notifications
You must be signed in to change notification settings - Fork 944
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerable dependencies on [email protected] #1121
Comments
This still seems to be an issue. I'm using forever # npm audit report
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install forever@0.14.2, which is a breaking change
node_modules/chokidar/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/chokidar
forever-monitor >=1.6.0
Depends on vulnerable versions of chokidar
node_modules/forever-monitor
forever >=0.10.11
Depends on vulnerable versions of flatiron
Depends on vulnerable versions of forever-monitor
node_modules/forever
minimist <0.2.1
Severity: moderate
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install forever@0.14.2, which is a breaking change
node_modules/optimist/node_modules/minimist
optimist >=0.6.0
Depends on vulnerable versions of minimist
node_modules/optimist
flatiron >=0.3.9
Depends on vulnerable versions of optimist
node_modules/flatiron
forever >=0.10.11
Depends on vulnerable versions of flatiron
Depends on vulnerable versions of forever-monitor
node_modules/forever
nconf 0.6.9 - 0.7.1
Depends on vulnerable versions of optimist
node_modules/nconf
broadway 0.2.9 - 0.3.6
Depends on vulnerable versions of nconf
node_modules/broadway
9 vulnerabilities (5 moderate, 4 high)``` |
Still an issue. changed 297 packages, and audited 298 packages in 4s 44 packages are looking for funding 13 vulnerabilities (1 moderate, 11 high, 1 critical) audit fix won't solve the problem |
Snyk report is showing multiple vulnerable dependencies on latest version of this repo.
1 high, 2 Medium, 1 low in severity
https://snyk.io/test/npm/forever
Do you have any fix in the pipeline or an ETA on when this will be patched and resolved?
Thanks,
The text was updated successfully, but these errors were encountered: