moderate advisory in dependency
I am on nodemon v2.0.16 and yarn audit tells me that there's a vuln in one of the dependencies:
https://github.com/advisories/GHSA-pfrx-2q88-qq97
```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Got allows a redirect to a UNIX socket                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ got                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=11.8.5                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ nodemon                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ nodemon > update-notifier > latest-version > package-json >  │
│               │ got                                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1075647                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
```
I have no clue if update-notifier and the rest of the tree-on-down have updated to fix this... but when they do it'd be great if you could update this!
Thanks for the great library!
Issue Analytics
- State:
- Created a year ago
- Reactions:28
- Comments:8 (5 by maintainers)
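A triage script added here as an example (not code from the nodemon issue or project): it walks a dependency tree in the shape `npm ls --json` prints (assumed), follows the path yarn audit reported above with a constructed sample tree and made-up versions, and lists every copy of the advisory's package that still resolves below the `>=11.8.5` patched floor.

```javascript
// Added example, not from the nodemon issue or project: walk a dependency tree in the
// shape `npm ls --json` prints (assumed) and report each copy of an advisory's package
// that still resolves below the patched floor. The sample tree at the bottom is constructed.

// Parse "MAJOR.MINOR.PATCH"; a pre-release suffix is ignored (simplification).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// True when version >= floor, which is all a ">=x.y.z" patched range needs.
function isPatched(version, floor) {
  const a = parseVersion(version), b = parseVersion(floor);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] > b[i];
  return true;
}

// Depth-first walk collecting every occurrence of `pkg` with its path from the root.
function findPackage(tree, pkg, path = [], out = []) {
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = path.concat(name);
    if (name === pkg) out.push({ path: here, version: node.version });
    findPackage(node, pkg, here, out);
  }
  return out;
}

// Triage: copies of `pkg` whose installed version is below `patchedFloor`.
function vulnerablePaths(tree, pkg, patchedFloor) {
  return findPackage(tree, pkg).filter(h => !isPatched(h.version, patchedFloor));
}
// Constructed sample following the path yarn audit reported for nodemon;
// the versions (other than nodemon 2.0.16) are made up for illustration.
const sampleTree = {
  name: 'my-app', version: '1.0.0',
  dependencies: {
    nodemon: { version: '2.0.16', dependencies: {
      'update-notifier': { version: '5.1.0', dependencies: {
        'latest-version': { version: '5.1.0', dependencies: {
          'package-json': { version: '6.5.0', dependencies: {
            got: { version: '9.6.0' } } } } } } } } },
    got: { version: '11.8.5' }, // a direct copy already at the patched floor
  },
};

for (const h of vulnerablePaths(sampleTree, 'got', '11.8.5')) {
  console.log(`${h.path.join(' > ')} @ ${h.version} is below the patched floor 11.8.5`);
}
```

Point it at real `npm ls --json` output and the advisory's package name and floor to see which install paths still need a bump.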

Had to revert as it borked installs. The next release, I hope, will remove update-notifier as it keeps bringing in issues.
Releasing now.