Growl security vulnerability #412
Labels
core
Issues in the core code (lib/core)
Comments
|
It looks like this was fixed–there's a new version of 1.10.2. tj/node-growl@d71177d But–there's a thread by the Mocha team on updating it, without a resolution (yet). We can follow that here: mochajs/mocha#2930 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Our build broke due to a security vulnerability in Growl, found by retire.js.
Growl is included in many major libraries, including Mocha. I added a commit to ignore Mocha in retire.js, but to get our build to run I also had to disable Growl, which means it's being included by another dependency (possibly Babel, but I don't see it in their package.json).
We should remove the ignore setting for Growl as soon as the vulnerability is fixed, unless we determine it only impacts testing and therefore has a lower risk. The vuln can be monitored at https://nodesecurity.io/advisories/146.
The text was updated successfully, but these errors were encountered: