packages #1

Open
tohshige opened this issue Feb 20, 2018 · 4 comments
Comments

@tohshige

http://takamints.hatenablog.jp/entry/fix-security-vulnerabilities-in-package-lock-json
"marked": "0.3.6" has a security hole. A warning also appears on GitHub.
Manually setting the following packages to 0.3.9 is OK.

./node_modules/express/package.json:    "marked": "0.3.5",
./node_modules/keystone/package.json:    "marked": "0.3.6",
./node_modules/marked/package.json:    "marked": "./bin/marked"
./node_modules/mongoose/package.json:    "marked": "0.3.6",
./node_modules/react-dnd/package.json:    "marked": "^0.3.2",
./node_modules/superagent/package.json:    "marked": "0.3.5",
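
The check described in the comment above, as an added example that is not part of the original issue or the project's code: it reads the dependency fields of each `package.json` rather than grepping, so the `bin` entry in marked's own manifest is not reported, and it separates exact pins below 0.3.9 from ranges whose floor is below it. The manifest paths and contents are constructed, and the function names are hypothetical.

```javascript
// Added example: audit package.json manifests for `marked` specs below the
// 0.3.9 version named in the issue. All sample data below is constructed.
const FIXED = [0, 3, 9];
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Parse "0.3.6", "^0.3.2", "~0.3.5", ">=0.3.9"; return null for anything else
// (git URLs, dist-tags, compound ranges), which then needs a manual look.
function parseSpec(spec) {
  const m = /^\s*(\^|~|>=)?\s*v?(\d+)\.(\d+)\.(\d+)\s*$/.exec(spec);
  return m ? { isRange: Boolean(m[1]), floor: m.slice(2, 5).map(Number) } : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Findings for one manifest. Only dependency fields are read, so keys such
// as bin.marked ("./bin/marked") never match.
function auditManifest(file, manifest, name = 'marked') {
  const findings = [];
  for (const field of DEP_FIELDS) {
    const spec = manifest[field] && manifest[field][name];
    if (typeof spec !== 'string') continue;
    const parsed = parseSpec(spec);
    let status = 'ok';
    if (!parsed) status = 'review-manually';
    else if (lessThan(parsed.floor, FIXED)) {
      // A range may still resolve to 0.3.9; the lockfile decides what is installed.
      status = parsed.isRange ? 'range-floor-below-fix' : 'pinned-below-fix';
    }
    findings.push({ file, field, spec, status });
  }
  return findings;
}

function auditAll(manifests) {
  return Object.entries(manifests).flatMap(([file, m]) => auditManifest(file, m));
}

// Constructed manifests: an exact pin, marked's own bin entry, a caret range, a fixed pin.
const SAMPLE = {
  './node_modules/pinned-dep/package.json': { dependencies: { marked: '0.3.6' } },
  './node_modules/marked/package.json': { name: 'marked', bin: { marked: './bin/marked' } },
  './node_modules/range-dep/package.json': { devDependencies: { marked: '^0.3.2' } },
  './node_modules/patched-dep/package.json': { dependencies: { marked: '0.3.9' } },
};
console.log(auditAll(SAMPLE));
```
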

tohshige pushed a commit that referenced this issue Feb 20, 2018
@tohshige
Author

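Site: JVN report

| ID | Title | Severity | Published | Last updated |
| --- | --- | --- | --- | --- |
| JVNDB-2017-010028 | Cross-site request forgery vulnerability in KeystoneJS | 6.8 | 2017/10/23 | 2017/11/30 |
| JVNDB-2017-009637 | Cross-site scripting vulnerability in KeystoneJS | 3.5 | 2017/10/23 | 2017/11/17 |
| JVNDB-2017-009618 | Input validation vulnerability in KeystoneJS | 6.8 | 2017/10/23 | 2017/11/16 |
| JVNDB-2017-009617 | Cross-site scripting vulnerability in KeystoneJS | 4.3 | 2017/10/23 | 2017/11/16 |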

Security fixes

It appears to be actively updated, at least.
Fixed in 13 commits from 10/03 through the 23rd.
keystonejs/keystone#4478

@tohshige
Author

test

@tohshige
Author

jenkins

1 similar comment
@tohshige
Author

jenkins
