Chore: Fix vulnerabilities found in installed packages #15837

Merged
merged 2 commits into from
May 27, 2019

gziolo
Member

@gziolo gziolo commented May 27, 2019

Description

Before:

$ npm i

audited 1865619 packages in 13.427s
found 12 vulnerabilities (2 moderate, 10 high)

After:

$ npm i

audited 1865616 packages in 15.588s
found 2 high severity vulnerabilities

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Use-After-Free                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ puppeteer                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.13.0                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ 8290eee8c8e1ee9c5548067c559c61f90730619a2ac8001766ab50f8657… │
│               │ [dev]                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ 8290eee8c8e1ee9c5548067c559c61f90730619a2ac8001766ab50f8657… │
│               │ >                                                            │
│               │ f6c8d3d09ee2accad1f24880eba2e5088260d0182e66197e1c2124d6e25… │
│               │ > puppeteer                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/824                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Use-After-Free                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ puppeteer                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=1.13.0                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ f6c8d3d09ee2accad1f24880eba2e5088260d0182e66197e1c2124d6e25… │
│               │ [dev]                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ f6c8d3d09ee2accad1f24880eba2e5088260d0182e66197e1c2124d6e25… │
│               │ > puppeteer                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/824                             │
└───────────────┴──────────────────────────────────────────────────────────────┘

Puppeteer is being handled separately in #14986.

fixed 8 of 12 vulnerabilities in 1865619 scanned packages
@gziolo gziolo changed the title from "Chore: Fix" to "Chore: Fix vulnerabilities found in installed packages" May 27, 2019
@gziolo gziolo self-assigned this May 27, 2019
@gziolo gziolo added the [Type] Code Quality Issues or PRs that relate to code quality label May 27, 2019
Contributor

@youknowriad youknowriad left a comment

Thanks

@gziolo gziolo merged commit 7412994 into master May 27, 2019
@gziolo gziolo added this to the 5.8 (Gutenberg) milestone May 27, 2019
@gziolo gziolo deleted the update/npm-audit-fix branch May 27, 2019 08:19
@aduth
Member

aduth commented May 28, 2019

We made it a whole two days before more advisories 😅

npm i

audited 1865616 packages in 14.237s
found 2 high severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details
