[ https://issues.apache.org/jira/browse/FLAGON-423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua Poore closed FLAGON-423.
-------------------------------
Resolution: Fixed
Reduced affected dependencies by 280+ down to 1 remaining vulnerability in npm
audit report.
> Update Package File to Fix Down Stream Dependencies
> ---------------------------------------------------
>
> Key: FLAGON-423
> URL: https://issues.apache.org/jira/browse/FLAGON-423
> Project: Flagon
> Issue Type: Sub-task
> Components: UserALE.js
> Affects Versions: UserALE.js 2.0.0, UserALE.js 2.0.1
> Environment: node.js
> Reporter: Joshua Poore
> Assignee: Joshua Poore
> Priority: Blocker
> Fix For: UserALE.js 2.0.1, UserALE.js 2.0.0
>
>
> Because the Prototype Pollution vulnerability is so pervasive, npm is rolling
> back their "immutable" registry policy to allow for fixes to previous
> versions of ubiquitous dependencies (set-value, mixit, lodash). These fixes
> will bubble up to existing versions of major userale.js dev dependencies
> (gulp, nodemon, babel, etc., etc.). However, as the registry will accept
> changes to prior versions of dependencies, the hashes on these dependencies
> will change. This requires that we regenerate our package.json file.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
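
An added example, not part of the original JIRA message or the Flagon project's code: when a lock file is regenerated because dependency hashes changed, a reviewer can diff the `integrity` values npm records in `package-lock.json` and separate ordinary upgrades from packages whose version stayed the same but whose hash changed. The two lock files, their versions and their hashes are constructed sample data, and the function names are hypothetical.

```javascript
// Added example. Both lockfiles are constructed sample data with placeholder
// hashes; layout assumes the lockfileVersion 1 format (nested "dependencies").
const oldLock = { lockfileVersion: 1, dependencies: {
  "set-value": { version: "2.0.0", integrity: "sha512-CONSTRUCTED-A1" },
  "lodash": { version: "4.17.11", integrity: "sha512-CONSTRUCTED-B1" },
  "gulp": { version: "4.0.0", integrity: "sha512-CONSTRUCTED-C1",
    dependencies: {
      "set-value": { version: "0.4.3", integrity: "sha512-CONSTRUCTED-D1" } } }
} };
const newLock = { lockfileVersion: 1, dependencies: {
  "set-value": { version: "2.0.0", integrity: "sha512-CONSTRUCTED-A2" },  // same version, new hash
  "lodash": { version: "4.17.15", integrity: "sha512-CONSTRUCTED-B2" },   // ordinary upgrade
  "gulp": { version: "4.0.0", integrity: "sha512-CONSTRUCTED-C1",         // unchanged
    dependencies: {
      "set-value": { version: "0.4.3", integrity: "sha512-CONSTRUCTED-D2" } } }
} };

// Walk the nested dependency tree and index every entry by its path,
// e.g. "gulp > set-value", so nested copies are compared separately.
function flattenLock(deps, prefix = "", out = new Map()) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = prefix + name;
    out.set(path, { version: meta.version, integrity: meta.integrity });
    flattenLock(meta.dependencies, path + " > ", out);
  }
  return out;
}

// Report every entry present in both lockfiles whose integrity hash differs.
// "same-version-hash-change" means the published artifact changed under a
// fixed version number; "upgrade" means the version changed as well.
function integrityDrift(before, after) {
  const a = flattenLock(before.dependencies);
  const b = flattenLock(after.dependencies);
  const findings = [];
  for (const [path, now] of b) {
    const was = a.get(path);
    if (!was || was.integrity === now.integrity) continue;
    const kind = was.version === now.version ? "same-version-hash-change" : "upgrade";
    findings.push({ path, version: now.version, kind });
  }
  return findings;
}

for (const f of integrityDrift(oldLock, newLock)) {
  console.log(`${f.kind}: ${f.path}@${f.version}`);
}
```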