You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 10, 2024. It is now read-only.
Npm 6.1's audit feature reports that the latest ember-cli-mocha (0.15.0) has vulnerabilities found. Of particular worry is the growl command injection vuln.
It looks like #167 & #73 are preventing the upgrade to get rid of the vulnerability.
jbryson3@unknown-DHCP-client-134-0-2-10 ~/c/t/ember-latest> npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical │ Command Injection │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ growl │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.10.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ember-cli-mocha [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ ember-cli-mocha > ember-mocha > mocha > growl │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/146 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ember-cli-mocha [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ ember-cli-mocha > ember-mocha > mocha > glob > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ember-cli-mocha [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ ember-cli-mocha > ember-mocha > mocha > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 3 vulnerabilities (1 low, 1 high, 1 critical) in 58904 scanned packages
3 vulnerabilities require manual review. See the full report for details.
Steps to reproduce
npm i -g npm
npm i -g ember-cli
ember init
ember install ember-cli-mocha
npm audit
The text was updated successfully, but these errors were encountered:
Npm 6.1's audit feature reports that the latest ember-cli-mocha (0.15.0) has vulnerabilities found. Of particular worry is the
growl
command injection vuln.It looks like #167 & #73 are preventing the upgrade to get rid of the vulnerability.
Steps to reproduce
npm i -g npm
npm i -g ember-cli
ember init
ember install ember-cli-mocha
npm audit
The text was updated successfully, but these errors were encountered: