[jira] [Commented] (SENSSOFT-321) Gulp Mocha Dependency Deprecation: Critical Command Injection Vulnerability

Fri, 11 Jan 2019 11:20:33 -0800 


    [ 
https://issues.apache.org/jira/browse/SENSSOFT-321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16740687#comment-16740687
 ] 

Joshua Poore commented on SENSSOFT-321:
---------------------------------------

[~rf] - Have been testing code in prep for releasing -192 branch as 1.1.0, 
found a critical vulnerability RE Gulp Mocha. Going to see if simple update 
will fix, if breaking change, could use any support you feel like contributing.

> Gulp Mocha Dependency Deprecation: Critical Command Injection Vulnerability
> ---------------------------------------------------------------------------
>
>                 Key: SENSSOFT-321
>                 URL: https://issues.apache.org/jira/browse/SENSSOFT-321
>             Project: SensSoft
>          Issue Type: Bug
>          Components: UserALE.js
>    Affects Versions: UserALE.js 1.0.0, UserALE.js 1.1.0
>         Environment: javascript
>            Reporter: Joshua Poore
>            Assignee: Joshua Poore
>            Priority: Critical
>             Fix For: UserALE.js 1.1.0
>
>         Attachments: Gulp Mocha Vulnerability
>
>
> Multiple Warnings with NPM Build through -192 branch
> npm WARN deprecated [email protected]: 🙌  Thanks for using Babel: we 
> recommend using babel-preset-env now: please read babeljs.io/env to update! 
> {color:#FF0000}npm WARN deprecated [email protected]: gulp-util is deprecated - 
> replace it, following the guidelines at 
> https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5{color}
> npm WARN deprecated [email protected]: deprecated in favour of uglify-es
> npm WARN deprecated [email protected]: This package is unmaintained. Use 
> @sinonjs/formatio instead
> npm WARN deprecated [email protected]: This package has been deprecated in favour 
> of @sinonjs/samsam
> npm WARN deprecated [email protected]: please upgrade to graceful-fs 4 for 
> compatibility with current and future versions of Node.js
> npm WARN deprecated [email protected]: This package has been deprecated in favour 
> of @sinonjs/samsam
> npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or 
> higher to avoid a RegExp DoS issue
> npm WARN deprecated [email protected]: CircularJSON is in maintenance only, 
> flatted is its successor.
> npm WARN deprecated [email protected]: Please update to minimatch 3.0.2 or 
> higher to avoid a RegExp DoS issue
> npm WARN deprecated [email protected]: please upgrade to graceful-fs 4 for 
> compatibility with current and future versions of Node.js
> Notably:
> Gulp Mocha has a critical vulnerability (see attached for details
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to