[jira] [Commented] (TOBAGO-1962) flatmap-stream in package-lock.json
[ https://issues.apache.org/jira/browse/TOBAGO-1962?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16707240#comment-16707240 ] Henning Noeth commented on TOBAGO-1962: --- Tobago 4 use the package-lock.json from bootstrap v4.1.3 which doesn't contain flatmap-stream. > flatmap-stream in package-lock.json > --- > > Key: TOBAGO-1962 > URL: https://issues.apache.org/jira/browse/TOBAGO-1962 > Project: MyFaces Tobago > Issue Type: Bug > Components: Themes >Affects Versions: 5.0.0 >Reporter: Henning Noeth >Assignee: Henning Noeth >Priority: Critical > Fix For: 5.0.0 > > > The flatmap-stream contain a malware which is targeting the copay > application. For more information, read the blog post at: > https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident > The flatmap-stream package can be found in the package-lock.json of the > current 5.0.0 master. This should be removed! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (TOBAGO-1962) flatmap-stream in package-lock.json
[ https://issues.apache.org/jira/browse/TOBAGO-1962?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Henning Noeth resolved TOBAGO-1962. --- Resolution: Fixed Fix Version/s: 5.0.0 "package-lock.json" files are updated and 'npm-run-all' is set to version ^4.1.5 https://github.com/apache/myfaces-tobago/commit/85150caf7125abeae108be004b9a23ffb63dd21a https://github.com/apache/myfaces-tobago/commit/abfedd30a8b5d3628c3ae783c62f198aa9a193a5 For Tobago 3 and 4: There is nothing to do. The 'bootstrap.js' files are build before flatmap-stream got malicious. > flatmap-stream in package-lock.json > --- > > Key: TOBAGO-1962 > URL: https://issues.apache.org/jira/browse/TOBAGO-1962 > Project: MyFaces Tobago > Issue Type: Bug > Components: Themes >Affects Versions: 5.0.0 >Reporter: Henning Noeth >Assignee: Henning Noeth >Priority: Critical > Fix For: 5.0.0 > > > The flatmap-stream contain a malware which is targeting the copay > application. For more information, read the blog post at: > https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident > The flatmap-stream package can be found in the package-lock.json of the > current 5.0.0 master. This should be removed! -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (TOBAGO-1962) 'flatmap-stream
Henning Noeth created TOBAGO-1962: - Summary: 'flatmap-stream Key: TOBAGO-1962 URL: https://issues.apache.org/jira/browse/TOBAGO-1962 Project: MyFaces Tobago Issue Type: Bug Components: Themes Affects Versions: 5.0.0 Reporter: Henning Noeth -- This message was sent by Atlassian JIRA (v7.6.3#76005)