Audit security: coveralls #308

Closed
Zearin opened this issue Jun 1, 2018 · 3 comments

Contributor

Zearin commented Jun 1, 2018

npm audit shows that coveralls has 6 “Moderate” security vulnerabilities.

Let’s fix ’em.

Member

Ajedi32 commented Jun 1, 2018

Pretty much all dependencies could probably use a refresh at this point. They haven't been updated in a while.

Contributor Author

Zearin commented Jun 1, 2018

Yup! I’m planning on it.

@Ajedi32 Ajedi32 closed this as completed in 5f9c26a Jun 1, 2018
Contributor Author

Zearin commented Jun 2, 2018

For record keeping, I’m adding the npm audit report to show the vulnerabilities fixed by closing this Issue.

# Run  npm install --save-dev coveralls@3.0.1  to resolve 5 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ coveralls [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ coveralls > request > hawk > boom > hoek                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ coveralls [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ coveralls > request > hawk > cryptiles > boom > hoek         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ coveralls [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ coveralls > request > hawk > hoek                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ hoek                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ coveralls [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ coveralls > request > hawk > sntp > hoek                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Memory Exposure                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ tunnel-agent                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ coveralls [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ coveralls > request > tunnel-agent                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/598                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
