This repository was archived by the owner on Dec 13, 2018. It is now read-only.

gulp-order and minimatch security issue #8

Open
tituspijean opened this issue Sep 5, 2018 · 0 comments

When I do npm install in a js/forum or js/admin extension folder, I am getting several warnings that invite me to do an npm audit fix, after which one report remains which requires a manual fix on your end.

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimatch                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ flarum-gulp [dev]                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ flarum-gulp > gulp-order > minimatch                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/118                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 6952 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Both minimatch and gulp-order have been fixed, the latter as of version 1.2.0.
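
An added example, not part of the original issue and not code from the flarum-gulp repository: one way to locate every copy of minimatch below the patched version 3.0.2 in a dependency tree, along with the chain of dependents that pulls it in. It assumes a tree shaped like the output of `npm ls --json`; the function names, the sample tree, its version numbers and the `some-other-dep` package are constructed for illustration.

```javascript
// Parse "major.minor.patch" into numbers; prerelease/build tags are ignored
// (a simplification; use the `semver` package for full range handling).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// True when version a is strictly lower than version b.
function isBelow(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Walk a tree shaped like `npm ls --json` output and collect every copy of
// `pkg` older than `patchedIn`, with the chain of dependents leading to it.
function findVulnerable(node, pkg, patchedIn, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, name];
    if (name === pkg && dep.version && isBelow(dep.version, patchedIn)) {
      hits.push({ path: path.join(' > '), version: dep.version });
    }
    // Keep descending: the same package can appear at several depths.
    hits.push(...findVulnerable(dep, pkg, patchedIn, path));
  }
  return hits;
}

// Constructed sample tree; every version number here is illustrative only.
const sampleTree = {
  name: 'my-extension-js',
  dependencies: {
    'flarum-gulp': {
      version: '0.0.0',
      dependencies: {
        'gulp-order': { version: '0.0.0', dependencies: { minimatch: { version: '0.2.14' } } },
        'some-other-dep': { version: '0.0.0', dependencies: { minimatch: { version: '3.0.4' } } },
      },
    },
  },
};

console.log(findVulnerable(sampleTree, 'minimatch', '3.0.2'));
```

Because the flagged copy is nested under gulp-order, it only goes away once the intermediate package declares a dependency on a patched minimatch, which is why the audit lists it under manual review.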
