Shazron Abdullah created CB-11484:
-------------------------------------
Summary: coho test failure (library vulnerability)
Key: CB-11484
URL: https://issues.apache.org/jira/browse/CB-11484
Project: Apache Cordova
Issue Type: Bug
Reporter: Shazron Abdullah
Priority: Critical
Our use of [email protected] contains down the tree, a vulnerable library
[email protected]
{code}
(node:53884) fs: re-evaluating native module sources is not supported. If you
are using the graceful-fs module, please update it to a more recent version.
(+) 1 vulnerabilities found
┌───────────────┬────────────────────────────────────────────────────────────────────────────┐
│ │ Regular Expression Denial of Service
│
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ Name │ minimatch
│
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ Installed │ 2.0.10
│
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ Vulnerable │ <=3.0.1
│
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ Patched │ >=3.0.2
│
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ Path │ [email protected] > [email protected] > [email protected] >
[email protected] │
├───────────────┼────────────────────────────────────────────────────────────────────────────┤
│ More Info │ https://nodesecurity.io/advisories/118
│
└───────────────┴────────────────────────────────────────────────────────────────────────────┘
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
