James E. King III created THRIFT-4757:
-----------------------------------------
Summary: grunt-shell-spawn drags in sync-exec which has a security
notice
Key: THRIFT-4757
URL: https://issues.apache.org/jira/browse/THRIFT-4757
Project: Thrift
Issue Type: Bug
Components: JavaScript - Library
Affects Versions: 0.12.0
Reporter: James E. King III
{noformat}
root@efc557466b90:/thrift/src/lib/js# npm audit
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Moderate Tmp files readable by other users
Package sync-exec
Patched in No patch available
Dependency of grunt-shell-spawn [dev]
Path grunt-shell-spawn > sync-exec
More info https://nodesecurity.io/advisories/310
found 1 moderate severity vulnerability in 2788 scanned packages
1 vulnerability requires manual review. See the full report for details.
{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
