Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update grunt-contrib-watch to latest version #3678

Closed
elssar opened this issue Mar 31, 2016 · 2 comments
Closed

Update grunt-contrib-watch to latest version #3678

elssar opened this issue Mar 31, 2016 · 2 comments

Comments

@elssar
Copy link

elssar commented Mar 31, 2016

Sails version: 0.12.1
Node version: 4.3.0
NPM version: 2.14.12
Operating system: Ubuntu 12.04

grunt-contrib-watch v0.5.3 has a security vulnerability via a dependency of a dependency qs.

This affects both sails 0.11 and 0.12. grunt-contrib-watch should be updated to the latest version
@sailsbot
Copy link

Hi @elssar! It looks like you missed a step or two when you created your issue. Please edit your comment (use the pencil icon at the top-right corner of the comment box) and fix the following:

  • Verify "I am experiencing a concrete technical issue (aka a bug) with Sails (ideas and feature proposals should follow the guide for proposing features and enhancements (http://bit.ly/sails-feature-guide), which involves making a pull request). If you're not 100% certain whether it's a bug or not, that's okay--you may continue. The worst that can happen is that the issue will be closed and we'll point you in the right direction."
  • Verify "I am not asking a question about how to use Sails or about whether or not Sails has a certain feature (please refer to the documentation(http://sailsjs.org), or post on http://stackoverflow.com, our Google Group (http://bit.ly/sails-google-group) or our live chat (https://gitter.im/balderdashy/sails)."
  • Verify "I have already searched for related issues, and found none open (if you found a related closed issue, please link to it in your post)."
  • Verify "My issue title is concise, on-topic and polite ("jst.js being removed from layout.ejs on lift" is good; "templates dont work" or "why is sails dumb" are not so good)."
  • Verify "I have tried all the following (if relevant) and my issue remains:"
  • Verify "I can provide steps to reproduce this issue that others can follow."

As soon as those items are rectified, post a new comment (e.g. “Ok, fixed!”) below and we'll take a look. Thanks!

If you feel this message is in error, or you want to debate the merits of my existence (sniffle), please contact [email protected].

@elssar elssar changed the title Security vulnerability in grunt-contrib-watch Security vulnerability in grunt-contrib-watch v0.5.3 Mar 31, 2016
@elssar elssar changed the title Security vulnerability in grunt-contrib-watch v0.5.3 Update grunt-contrib-watch to latest version Mar 31, 2016
@sgress454
Copy link
Member

Thanks for posting, @elssar. It's not actually a security issue for Sails apps; Sails core doesn't run grunt-contrib-watch, it just has it installed in its node_modules folder so that new Sails apps know which version to install locally, and those apps only run the watch task in development mode by default (it's turned off in production, and it's userland setting). We'll almost certainly upgrade it anyway, just letting you know your code is safe.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sgress454 @elssar @sailsbot