[ https://issues.apache.org/jira/browse/THRIFT-4757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James E. King III updated THRIFT-4757: -------------------------------------- Labels: Security (was: ) > grunt-shell-spawn drags in sync-exec which has a security notice > ---------------------------------------------------------------- > > Key: THRIFT-4757 > URL: https://issues.apache.org/jira/browse/THRIFT-4757 > Project: Thrift > Issue Type: Bug > Components: JavaScript - Library > Affects Versions: 0.12.0 > Reporter: James E. King III > Assignee: James E. King III > Priority: Major > Labels: Security > Time Spent: 10m > Remaining Estimate: 0h > > {noformat} > root@efc557466b90:/thrift/src/lib/js# npm audit > === npm audit security report === > Manual Review > Some vulnerabilities require your attention to resolve > Visit https://go.npm.me/audit-guide for additional guidance > Moderate Tmp files readable by other users > Package sync-exec > Patched in No patch available > Dependency of grunt-shell-spawn [dev] > Path grunt-shell-spawn > sync-exec > More info https://nodesecurity.io/advisories/310 > found 1 moderate severity vulnerability in 2788 scanned packages > 1 vulnerability requires manual review. See the full report for details. > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)