#8154 closed defect (bug) (fixed)
Fix node modules vulnerabilities
Reported by: | imath | Owned by: | imath |
---|---|---|---|
Milestone: | 6.0.0 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Build/Test Tools | Keywords: | needs-patch |
Cc: |
Description
Just did `npm install` and got:
found 51 vulnerabilities (23 low, 13 moderate, 15 high)
I think it would be great to have this fixed asap.
Attachments (2)
Change History (15)
#2
5 years ago
@imath Do you think it is better to postpone this ticket to the next release? A set of eyes from @netweb would be invaluable.
#3
5 years ago
You're probably right, but I'd really like to have this ticket fixed. It's very annoying to have these vulnerabilities. I'll wait until the last minute but will commit it the way it is before the 6.0.0 release if we don't have feedback about it.
#4
5 years ago
Just had a look, there are 9 high node vulnerabilities in `grunt-contrib-imagemin` from the version we currently use to latest (v3.1.0) https://github.com/gruntjs/grunt-contrib-imagemin/issues/391
#8
4 years ago
- Keywords needs-patch added; has-patch 2nd-opinion removed
- Milestone changed from 6.0.0 to Up Next
`grunt-contrib-imagemin` has not fixed the vulnerability yet. So let's finish this during next release.
#10
4 years ago
- Milestone changed from Up Next to 6.0.0
- Owner changed from netweb to imath
- Status changed from new to assigned
`grunt-contrib-imagemin` has fixed the issue 4 days ago. Let's fix it in 6.0.0.
#12
4 years ago
I just ran `npm install` and I'm getting the following:
found 24 vulnerabilities (15 low, 9 high) in 20754 scanned packages run `npm audit fix` to fix 23 of them. 1 vulnerability requires manual review. See the full report for details.
Let me know if you want me to post the full `npm audit` log.
Update - I was behind by a few commits. Just rebased and everything is good! Apologies imath!
Hi @netweb could you check 8154.patch? It fixes a majority of the vulnerabilities without adding too much work (updating stylelint is generating way too many errors in css/scss files).
Using phplint module instead of grunt-phplint (not updated for 3 years!!) is fixing all high and major vulnerabilities!