Your message dated Sat, 15 Sep 2018 18:46:51 +0530
with message-id <[email protected]>
and subject line Re: npm talks about security vulnerabilities when trying to do
its work.
has caused the Debian Bug report #907326,
regarding npm talks about security vulnerabilities when trying to do its work.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
907326: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907326
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: npm
Version: 5.8.0+ds-2
Severity: normal
Dear Maintainer,
I was trying to build an upstream version of requestpolicy and got the
following warnings -
~/games/requestpolicy$ make
npm install
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] lodash has the following vulnerability: 1
low. Go here for more details:
https://nodesecurity.io/advisories?search=lodash&version=4.17.4 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm WARN notice [SECURITY] debug has the following vulnerability: 1
low. Go here for more details:
https://nodesecurity.io/advisories?search=debug&version=2.6.8 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] randomatic has the following vulnerability:
1 low. Go here for more details:
https://nodesecurity.io/advisories?search=randomatic&version=1.1.7 -
Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm WARN notice [SECURITY] minimatch has the following vulnerability:
1 high. Go here for more details:
https://nodesecurity.io/advisories?search=minimatch&version=0.2.14 -
Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] minimatch has the following vulnerability:
1 high. Go here for more details:
https://nodesecurity.io/advisories?search=minimatch&version=2.0.10 -
Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm WARN notice [SECURITY] lodash has the following vulnerability: 1
low. Go here for more details:
https://nodesecurity.io/advisories?search=lodash&version=1.0.2 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] randomatic has the following vulnerability:
1 low. Go here for more details:
https://nodesecurity.io/advisories?search=randomatic&version=1.1.7 -
Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] lodash has the following vulnerability: 1
low. Go here for more details:
https://nodesecurity.io/advisories?search=lodash&version=3.10.1 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm WARN notice [SECURITY] atob has the following vulnerability: 1
moderate. Go here for more details:
https://nodesecurity.io/advisories?search=atob&version=1.1.3 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] sshpk has the following vulnerability: 1
high. Go here for more details:
https://nodesecurity.io/advisories?search=sshpk&version=1.13.1 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm WARN notice [SECURITY] growl has the following vulnerability: 1
critical. Go here for more details:
https://nodesecurity.io/advisories?search=growl&version=1.9.2 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm WARN notice [SECURITY] is-my-json-valid has the following
vulnerability: 1 low. Go here for more details:
https://nodesecurity.io/advisories?search=is-my-json-valid&version=2.16.1
- Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm WARN notice [SECURITY] stringstream has the following
vulnerability: 1 moderate. Go here for more details:
https://nodesecurity.io/advisories?search=stringstream&version=0.0.5 -
Run `npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm ERR! write after end
npm WARN notice [SECURITY] hoek has the following vulnerability: 1
moderate. Go here for more details:
https://nodesecurity.io/advisories?search=hoek&version=4.2.0 - Run
`npm i npm@latest -g` to upgrade your npm version, and then `npm
audit` to get more info.
npm ERR! write after end
npm ERR! write after end
npm ERR! A complete log of this run can be found in:
npm ERR! /home/shirish/.npm/_logs/2018-08-26T14_07_40_249Z-debug.log
make: *** [Makefile:351: node_modules/.timestamp_packages] Error 1
Could you fix the above issues ?
-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (100,
'unstable-debug'), (100, 'experimental-debug'), (100, 'experimental'),
(100, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.17.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages npm depends on:
ii node-abbrev 1.0.9-1
ii node-ansi 0.3.0-2
ii node-ansi-color-table 1.0.0-1
ii node-ansi-regex 3.0.0-1
ii node-ansistyles 0.1.3-1
ii node-aproba 1.2.0-1
ii node-archy 1.0.0-1
ii node-are-we-there-yet 1.1.4-1
ii node-aws-sign2 0.7.1-1
ii node-block-stream 0.0.9-1
ii node-bluebird 3.5.1+dfsg2-2
ii node-caseless 0.12.0-1
ii node-chalk 2.3.0-1
ii node-config-chain 1.1.11-1
ii node-detect-indent 5.0.0-1
ii node-editor 1.0.0-1
ii node-encoding 0.1.12-2
ii node-fs-vacuum 1.2.10-2
ii node-fstream 1.0.10-1
ii node-fstream-ignore 0.0.6-2
ii node-gauge 2.7.4-1
ii node-github-url-from-git 1.4.0-1
ii node-glob 7.1.2-6
ii node-graceful-fs 4.1.11-1
ii node-gyp 3.6.2-2
ii node-har-validator 5.0.2-1
ii node-has-unicode 2.0.1-2
ii node-hawk 6.0.1+dfsg-1
ii node-hosted-git-info 2.5.0-1
ii node-iferr 1.0.2-1
ii node-import-lazy 3.0.0.REALLY.2.1.0-1
ii node-inflight 1.0.6-1
ii node-inherits 2.0.3-1
ii node-ini 1.3.4-1
ii node-is-npm 1.0.0-1
ii node-is-typedarray 1.0.0-2
ii node-isstream 0.1.2+dfsg-1
ii node-jsonstream 1.3.2-1
ii node-latest-version 3.1.0-1
ii node-lazy-property 1.0.0-1
ii node-lockfile 0.4.1-1
ii node-lru-cache 4.1.1-1
ii node-minimatch 3.0.4-3
ii node-mkdirp 0.5.1-1
ii node-move-concurrently 1.0.1-1
ii node-nopt 3.0.6-3
ii node-normalize-package-data 2.3.5-2
ii node-npmlog 4.1.2-1
ii node-once 1.4.0-2
ii node-opener 1.4.3-1
ii node-osenv 0.1.4-1
ii node-path-is-inside 1.0.2-1
ii node-performance-now 2.1.0+debian-1
ii node-promise-inflight 1.0.1-1
ii node-read 1.0.7-1
ii node-read-package-json 1.2.4-1
ii node-readable-stream 2.3.6-1
ii node-request 2.26.1-1
ii node-retry 0.10.1-1
ii node-rimraf 2.6.2-1
ii node-safe-buffer 5.1.2-1
ii node-semver 5.4.1-1
ii node-semver-diff 2.1.0-2
ii node-set-blocking 2.0.0-1
ii node-sha 1.2.3-1
ii node-slide 1.1.6-1
ii node-sorted-object 2.0.1-1
ii node-stringstream 0.0.6-1
ii node-strip-ansi 4.0.0-1
ii node-tar 4.4.4+ds1-2
ii node-tough-cookie 2.3.4+dfsg-1
ii node-uid-number 0.0.6-1
ii node-underscore 1.8.3~dfsg-1
ii node-unique-filename 1.1.0+ds-2
ii node-unpipe 1.0.0-1
ii node-validate-npm-package-license 3.0.1-1
ii node-which 1.3.0-1
ii node-wrappy 1.0.2-1
ii node-yargs 10.0.3-2
ii nodejs 8.11.2~dfsg-1
npm recommends no packages.
npm suggests no packages.
-- no debconf information
--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
--- End Message ---
--- Begin Message ---
On Sun, 26 Aug 2018 19:55:30 +0530
=?UTF-8?B?c2hpcmlzaCDgpLbgpL/gpLDgpYDgpLc=?= <[email protected]> wrote:
> I was trying to build an upstream version of requestpolicy and got the
> following warnings -
>
> ~/games/requestpolicy$ make
> npm install
> npm ERR! write after end
> npm ERR! write after end
> npm ERR! write after end
> npm ERR! write after end
> npm ERR! write after end
> npm ERR! write after end
> npm WARN notice [SECURITY] lodash has the following vulnerability: 1
> low. Go here for more details:
> https://nodesecurity.io/advisories?search=lodash&version=4.17.4 -
These seems to be security issues affecting the dependencies of the
package you are trying to build and not for npm. Closing.
npm install --save --production pretty-ms
npm WARN [email protected] No description
npm WARN [email protected] No repository field.
+ [email protected]
updated 1 package in 1.519s
--- End Message ---
--
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
