[jira] [Updated] (SENSSOFT-321) Gulp Mocha Dependency Deprecation: Critical Command Injection Vulnerability
[ https://issues.apache.org/jira/browse/SENSSOFT-321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joshua Poore updated SENSSOFT-321: -- Description: Gulp Mocha v3.x has a critical vulnerability (see attached terminal output for details) due to "growl" package dependency. Vulnerability must be fixed before deployed on a network with any exposure. Running NPM/Node v 11.6 Will post in comments as issue is explored. was: Notably: Gulp Mocha has a critical vulnerability (see attached for details > Gulp Mocha Dependency Deprecation: Critical Command Injection Vulnerability > --- > > Key: SENSSOFT-321 > URL: https://issues.apache.org/jira/browse/SENSSOFT-321 > Project: SensSoft > Issue Type: Bug > Components: UserALE.js >Affects Versions: UserALE.js 1.0.0, UserALE.js 1.1.0 > Environment: javascript >Reporter: Joshua Poore >Assignee: Joshua Poore >Priority: Critical > Fix For: UserALE.js 1.1.0 > > Attachments: Gulp Mocha Vulnerability > > > Gulp Mocha v3.x has a critical vulnerability (see attached terminal output > for details) due to "growl" package dependency. Vulnerability must be fixed > before deployed on a network with any exposure. > Running NPM/Node v 11.6 > Will post in comments as issue is explored. > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENSSOFT-321) Gulp Mocha Dependency Deprecation: Critical Command Injection Vulnerability
[
https://issues.apache.org/jira/browse/SENSSOFT-321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joshua Poore updated SENSSOFT-321:
--
Description:
Notably:
Gulp Mocha has a critical vulnerability (see attached for details
was:
Multiple Warnings with NPM Build through -192 branch
npm WARN deprecated babel-preset-es2015@6.24.1: Thanks for using Babel: we
recommend using babel-preset-env now: please read babeljs.io/env to update!
{color:#FF}npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated -
replace it, following the guidelines at
https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5{color}
npm WARN deprecated uglify-js-harmony@2.7.7: deprecated in favour of uglify-es
npm WARN deprecated formatio@1.1.1: This package is unmaintained. Use
@sinonjs/formatio instead
npm WARN deprecated samsam@1.1.2: This package has been deprecated in favour of
@sinonjs/samsam
npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for
compatibility with current and future versions of Node.js
npm WARN deprecated samsam@1.1.3: This package has been deprecated in favour of
@sinonjs/samsam
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or
higher to avoid a RegExp DoS issue
npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only,
flatted is its successor.
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or
higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for
compatibility with current and future versions of Node.js
Notably:
Gulp Mocha has a critical vulnerability (see attached for details
> Gulp Mocha Dependency Deprecation: Critical Command Injection Vulnerability
> ---
>
> Key: SENSSOFT-321
> URL: https://issues.apache.org/jira/browse/SENSSOFT-321
> Project: SensSoft
> Issue Type: Bug
> Components: UserALE.js
>Affects Versions: UserALE.js 1.0.0, UserALE.js 1.1.0
> Environment: javascript
>Reporter: Joshua Poore
>Assignee: Joshua Poore
>Priority: Critical
> Fix For: UserALE.js 1.1.0
>
> Attachments: Gulp Mocha Vulnerability
>
>
>
> Notably:
> Gulp Mocha has a critical vulnerability (see attached for details
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (SENSSOFT-321) Gulp Mocha Dependency Deprecation: Critical Command Injection Vulnerability
[
https://issues.apache.org/jira/browse/SENSSOFT-321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joshua Poore updated SENSSOFT-321:
--
Attachment: Gulp Mocha Vulnerability
> Gulp Mocha Dependency Deprecation: Critical Command Injection Vulnerability
> ---
>
> Key: SENSSOFT-321
> URL: https://issues.apache.org/jira/browse/SENSSOFT-321
> Project: SensSoft
> Issue Type: Bug
> Components: UserALE.js
>Affects Versions: UserALE.js 1.0.0, UserALE.js 1.1.0
> Environment: javascript
>Reporter: Joshua Poore
>Assignee: Joshua Poore
>Priority: Critical
> Fix For: UserALE.js 1.1.0
>
> Attachments: Gulp Mocha Vulnerability
>
>
> Multiple Warnings with NPM Build through -192 branch
> npm WARN deprecated babel-preset-es2015@6.24.1: Thanks for using Babel: we
> recommend using babel-preset-env now: please read babeljs.io/env to update!
> {color:#FF}npm WARN deprecated gulp-util@3.0.8: gulp-util is deprecated -
> replace it, following the guidelines at
> https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5{color}
> npm WARN deprecated uglify-js-harmony@2.7.7: deprecated in favour of uglify-es
> npm WARN deprecated formatio@1.1.1: This package is unmaintained. Use
> @sinonjs/formatio instead
> npm WARN deprecated samsam@1.1.2: This package has been deprecated in favour
> of @sinonjs/samsam
> npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for
> compatibility with current and future versions of Node.js
> npm WARN deprecated samsam@1.1.3: This package has been deprecated in favour
> of @sinonjs/samsam
> npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or
> higher to avoid a RegExp DoS issue
> npm WARN deprecated circular-json@0.3.3: CircularJSON is in maintenance only,
> flatted is its successor.
> npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or
> higher to avoid a RegExp DoS issue
> npm WARN deprecated graceful-fs@1.2.3: please upgrade to graceful-fs 4 for
> compatibility with current and future versions of Node.js
> Notably:
> Gulp Mocha has a critical vulnerability (see attached for details
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
