Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm audit fix related to https-proxy-agent #4359

Merged
merged 1 commit into from
Feb 8, 2020
Merged

npm audit fix related to https-proxy-agent #4359

merged 1 commit into from
Feb 8, 2020

Conversation

christianheine
Copy link
Contributor

npm audit lists two high vulnerabilities related to https-proxy-agent during install (of this repo).

npm install
...
found 2 high severity vulnerabilities

npm audit fix updates https-proxy-agent from version 2.2.2 to 2.2.4.

npm audit
                                                                                
                       === npm audit security report ===                        
                                                                                
# Run  npm update https-proxy-agent --depth 3  to resolve 2 vulnerabilities
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Machine-In-The-Middle                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ https-proxy-agent                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ codecov [dev]                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ codecov > teeny-request > https-proxy-agent                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1184                            │
└───────────────┴──────────────────────────────────────────────────────────────┘


┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Machine-In-The-Middle                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ https-proxy-agent                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ puppeteer [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ puppeteer > https-proxy-agent                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1184                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Running npm test results in

  2720 passing (46s)
  24 pending

There seems to be no open issue related to this - and since this was quickly fixed, I decided to rather create directly create a PR. Hope this is ok.

@Conduitry Conduitry merged commit a40f4ad into sveltejs:master Feb 8, 2020
jesseskinner pushed a commit to jesseskinner/svelte that referenced this pull request Feb 27, 2020
@christianheine @jesseskinner
npm audit fix related to https-proxy-agent (sveltejs#4359)
5732439
taylorzane pushed a commit to taylorzane/svelte that referenced this pull request Dec 17, 2020
@christianheine @taylorzane
npm audit fix related to https-proxy-agent (sveltejs#4359)
eb14bea
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@christianheine @Conduitry