[ https://issues.apache.org/jira/browse/SENSSOFT-321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741437#comment-16741437 ]
Joshua Poore commented on SENSSOFT-321: --------------------------------------- Tested and pushed patch to MASTER > Gulp Mocha Dependency Deprecation: Critical Command Injection Vulnerability > --------------------------------------------------------------------------- > > Key: SENSSOFT-321 > URL: https://issues.apache.org/jira/browse/SENSSOFT-321 > Project: SensSoft > Issue Type: Bug > Components: UserALE.js > Affects Versions: UserALE.js 1.0.0, UserALE.js 1.1.0 > Environment: javascript > Reporter: Joshua Poore > Assignee: Joshua Poore > Priority: Critical > Fix For: UserALE.js 1.1.0 > > Attachments: Gulp Mocha Vulnerability > > > Gulp Mocha v3.x has a critical vulnerability (see attached terminal output > for details) due to "growl" package dependency. Vulnerability must be fixed > before deployed on a network with any exposure. > Running NPM/Node v 11.6 > Will post in comments as issue is explored. > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)