[
https://issues.apache.org/jira/browse/TOBAGO-1962?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Henning Noeth resolved TOBAGO-1962.
-----------------------------------
Resolution: Fixed
Fix Version/s: 5.0.0
"package-lock.json" files are updated and 'npm-run-all' is set to version ^4.1.5
https://github.com/apache/myfaces-tobago/commit/85150caf7125abeae108be004b9a23ffb63dd21a
https://github.com/apache/myfaces-tobago/commit/abfedd30a8b5d3628c3ae783c62f198aa9a193a5
For Tobago 3 and 4:
There is nothing to do. The 'bootstrap.js' files are build before
flatmap-stream got malicious.
> flatmap-stream in package-lock.json
> -----------------------------------
>
> Key: TOBAGO-1962
> URL: https://issues.apache.org/jira/browse/TOBAGO-1962
> Project: MyFaces Tobago
> Issue Type: Bug
> Components: Themes
> Affects Versions: 5.0.0
> Reporter: Henning Noeth
> Assignee: Henning Noeth
> Priority: Critical
> Fix For: 5.0.0
>
>
> The flatmap-stream contain a malware which is targeting the copay
> application. For more information, read the blog post at:
> https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident
> The flatmap-stream package can be found in the package-lock.json of the
> current 5.0.0 master. This should be removed!
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
