thrift-dev mailing list archives

From "James E. King III (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (THRIFT-4757) grunt-shell-spawn drags in sync-exec which has a security notice
Date Thu, 24 Jan 2019 20:39:00 GMT

    [ https://issues.apache.org/jira/browse/THRIFT-4757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16751571#comment-16751571 ]

James E. King III commented on THRIFT-4757:
-------------------------------------------

Note: grunt-shell-spawn is not actively maintained.  We might need to fix this ourselves.

> grunt-shell-spawn drags in sync-exec which has a security notice
> ----------------------------------------------------------------
>
>                 Key: THRIFT-4757
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4757
>             Project: Thrift
>          Issue Type: Bug
>          Components: JavaScript - Library
>    Affects Versions: 0.12.0
>            Reporter: James E. King III
>            Priority: Major
>
> {noformat}
> root@efc557466b90:/thrift/src/lib/js# npm audit
>                        === npm audit security report ===
>                                  Manual Review
>              Some vulnerabilities require your attention to resolve
>           Visit https://go.npm.me/audit-guide for additional guidance
>   Moderate        Tmp files readable by other users
>   Package         sync-exec
>   Patched in      No patch available
>   Dependency of   grunt-shell-spawn [dev]
>   Path            grunt-shell-spawn > sync-exec
>   More info       https://nodesecurity.io/advisories/310
> found 1 moderate severity vulnerability in 2788 scanned packages
>   1 vulnerability requires manual review. See the full report for details.
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
