
web-component-tester 6.6.0 critical audit issues #514

Closed
warpech opened this issue Jun 13, 2018 · 6 comments

@warpech

warpech commented Jun 13, 2018

I am making this issue because my team has been looking at audit issues in web-component-tester for more than a few months now.

This is the result of npm audit when installing the newest version of web-component-tester (6.6.0):

=== npm audit security report ===

                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance

  High            Regular Expression Denial of Service
  Package         fresh
  Patched in      >= 0.5.2
  Dependency of   web-component-tester
  Path            web-component-tester > polyserve > send > fresh
  More info       https://nodesecurity.io/advisories/526

  High            Regular Expression Denial of Service
  Package         fresh
  Patched in      >= 0.5.2
  Dependency of   web-component-tester
  Path            web-component-tester > send > fresh
  More info       https://nodesecurity.io/advisories/526

  Critical        Command Injection
  Package         growl
  Patched in      >=1.10.2
  Dependency of   web-component-tester
  Path            web-component-tester > mocha > growl
  More info       https://nodesecurity.io/advisories/146

  Moderate        Regular Expression Denial of Service
  Package         ms
  Patched in      >0.7.0
  Dependency of   web-component-tester
  Path            web-component-tester > send > debug > ms
  More info       https://nodesecurity.io/advisories/46

  Moderate        Regular Expression Denial of Service
  Package         ms
  Patched in      >0.7.0
  Dependency of   web-component-tester
  Path            web-component-tester > send > ms
  More info       https://nodesecurity.io/advisories/46

  Moderate        Regular Expression Denial of Service
  Package         mime
  Patched in      >= 1.4.1 < 2.0.0 || >= 2.0.3
  Dependency of   web-component-tester
  Path            web-component-tester > polyserve > send > mime
  More info       https://nodesecurity.io/advisories/535

  Moderate        Regular Expression Denial of Service
  Package         mime
  Patched in      >= 1.4.1 < 2.0.0 || >= 2.0.3
  Dependency of   web-component-tester
  Path            web-component-tester > send > mime
  More info       https://nodesecurity.io/advisories/535

  Low             Prototype Pollution
  Package         lodash
  Patched in      >=4.17.5
  Dependency of   web-component-tester
  Path            web-component-tester > lodash
  More info       https://nodesecurity.io/advisories/577

  Low             Prototype Pollution
  Package         lodash
  Patched in      >=4.17.5
  Dependency of   web-component-tester
  Path            web-component-tester > stacky > lodash
  More info       https://nodesecurity.io/advisories/577

  Low             Prototype Pollution
  Package         lodash
  Patched in      >=4.17.5
  Dependency of   web-component-tester
  Path            web-component-tester > wct-sauce > lodash
  More info       https://nodesecurity.io/advisories/577

  Low             Regular Expression Denial of Service
  Package         debug
  Patched in      >= 2.6.9 < 3.0.0 || >= 3.1.0
  Dependency of   web-component-tester
  Path            web-component-tester > mocha > debug
  More info       https://nodesecurity.io/advisories/534

  Low             Regular Expression Denial of Service
  Package         debug
  Patched in      >= 2.6.9 < 3.0.0 || >= 3.1.0
  Dependency of   web-component-tester
  Path            web-component-tester > polyserve > send > debug
  More info       https://nodesecurity.io/advisories/534

  Low             Regular Expression Denial of Service
  Package         debug
  Patched in      >= 2.6.9 < 3.0.0 || >= 3.1.0
  Dependency of   web-component-tester
  Path            web-component-tester > send > debug
  More info       https://nodesecurity.io/advisories/534

  Low             Prototype Pollution
  Package         deep-extend
  Patched in      >=0.5.1
  Dependency of   web-component-tester
  Path            web-component-tester > polyserve > command-line-usage >
                  table-layout > deep-extend
  More info       https://nodesecurity.io/advisories/612

  Low             Prototype Pollution
  Package         deep-extend
  Patched in      >=0.5.1
  Dependency of   web-component-tester
  Path            web-component-tester > polyserve > polymer-build >
                  polymer-bundler > command-line-usage > table-layout >
                  deep-extend
  More info       https://nodesecurity.io/advisories/612

found 15 vulnerabilities (8 low, 4 moderate, 2 high, 1 critical) in 5634 scanned packages
  15 vulnerabilities require manual review. See the full report for details.
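As an added example (not code from the web-component-tester project or from npm), the Node script below reads a report in the shape of `npm audit --json` (the npm 6 JSON layout is an assumption) and turns findings like the ones above into a CI gate: everything at or above a severity threshold is listed, most severe first, and grouped by the direct dependency that would have to be bumped. The embedded report is constructed from three of the fifteen advisories in this issue; the `version` values are placeholders.

```javascript
// Added example (not web-component-tester's or npm's own code): turn an `npm audit --json`
// report into a build gate. The input shape mirrors npm 6's JSON output (an assumption).
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample: three of the 15 advisories above; `version` is a placeholder.
const SAMPLE_REPORT = {
  advisories: {
    '526': { id: 526, module_name: 'fresh', severity: 'high',
      title: 'Regular Expression Denial of Service', patched_versions: '>=0.5.2',
      url: 'https://nodesecurity.io/advisories/526',
      findings: [{ version: '0.0.0-placeholder', paths: [
        'web-component-tester>polyserve>send>fresh', 'web-component-tester>send>fresh'] }] },
    '146': { id: 146, module_name: 'growl', severity: 'critical',
      title: 'Command Injection', patched_versions: '>=1.10.2',
      url: 'https://nodesecurity.io/advisories/146',
      findings: [{ version: '0.0.0-placeholder', paths: ['web-component-tester>mocha>growl'] }] },
    '577': { id: 577, module_name: 'lodash', severity: 'low',
      title: 'Prototype Pollution', patched_versions: '>=4.17.5',
      url: 'https://nodesecurity.io/advisories/577',
      findings: [{ version: '0.0.0-placeholder', paths: [
        'web-component-tester>lodash', 'web-component-tester>stacky>lodash'] }] },
  },
};

// One record per (advisory, dependency path): each path is a separate thing to fix.
function collectFindings(report) {
  const out = [];
  for (const adv of Object.values(report.advisories || {})) {
    for (const f of adv.findings || []) {
      for (const path of f.paths || []) {
        out.push({ id: adv.id, module: adv.module_name, severity: adv.severity,
          title: adv.title, patched: adv.patched_versions, url: adv.url, path });
      }
    }
  }
  return out;
}

// Findings at or above `threshold`, most severe first. An unrecognised severity
// string ranks as critical so that a report format change fails closed, not open.
function gate(report, threshold) {
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity threshold: ${threshold}`);
  const rank = (s) => (Object.prototype.hasOwnProperty.call(SEVERITY_RANK, s) ? SEVERITY_RANK[s] : 4);
  return collectFindings(report)
    .filter((f) => rank(f.severity) >= min)
    .sort((a, b) => rank(b.severity) - rank(a.severity) || a.path.localeCompare(b.path));
}

// Count blocking findings per direct dependency (second path segment, or the module
// itself when it is direct): that is the package.json entry the maintainer must bump.
function byDirectDependency(findings) {
  const counts = {};
  for (const f of findings) {
    const segs = f.path.split('>');
    const direct = segs.length > 1 ? segs[1] : segs[0];
    counts[direct] = (counts[direct] || 0) + 1;
  }
  return counts;
}
```

With the sample, `gate(SAMPLE_REPORT, 'high')` returns the critical growl path followed by the two high fresh paths, and `byDirectDependency` on that result gives `{ mocha: 1, polyserve: 1, send: 1 }`, i.e. mocha, polyserve and send are the direct dependencies to update; lowering the threshold to `'low'` brings the two lodash paths in as well.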
@warpech
Author

warpech commented Jun 26, 2018

I just checked npm install --save web-component-tester 6.7.1. The problem is only slightly improved:

found 13 vulnerabilities (7 low, 4 moderate, 2 high)

@ankon
Contributor

ankon commented Jul 9, 2018

What is needed to help this move further?

@TimvdLippe
Contributor

I am working on this in #533

@keanulee
Contributor

keanulee commented Dec 20, 2018

With [email protected] there's only 2 low severity vulnerabilities left and both are from lodash 3. This can't be fixed without a breaking update to lodash 4.

@stale

stale bot commented Mar 4, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale

stale bot commented Apr 29, 2022

This issue has been automatically closed after being marked stale. If you're still facing this problem with the above solution, please comment and we'll reopen!

@stale stale bot closed this as completed Apr 29, 2022

No branches or pull requests

4 participants