Fix security vulnerabilities in parcel-bundler and @parcel/logger #5045
Comments
When installing with npm it found "46 high severity vulnerabilities", all of which can be fixed with |
Any news on this? Would a |
10 vulns, 4L, 2M, and 2H. Run |
Also seeing a security vulnerability for the "node-forge" dependency of the npm parcel-bundler distribution (1.12.4), which causes this log from the "npm audit" command:
what is a good short-term/long-term fix? |
The node-forge security issue still exists. |
Just realised this is a Parcel 1 issue and probably won't be fixed because of this, as it's not a real security issue, and you can work around it with resolutions in yarn (npm has something similar). |
#4638 🐛 bug report
I get multiple vulnerabilities when running Snyk's security tool against my dependencies:
[email protected] and @parcel/[email protected] are affected by many security vulnerabilities according to Snyk:

```
✗ High severity vuln found in [email protected], introduced via @parcel/[email protected]
Description: Regular Expression Denial of Service (ReDoS)
Info: https://snyk.io/vuln/SNYK-JS-ACORN-559469
From: @parcel/[email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ High severity vuln found in [email protected]
Description: Regular Expression Denial of Service (ReDoS)
Info: https://snyk.io/vuln/SNYK-JS-ACORN-559469
From: [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ Medium severity vuln found in [email protected]
Description: Prototype Pollution
Info: https://snyk.io/vuln/SNYK-JS-DOTPROP-543489
From: [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ Medium severity vuln found in [email protected]
Description: Timing Attack
Info: https://snyk.io/vuln/SNYK-JS-ELLIPTIC-511941
From: [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ High severity vuln found in [email protected]
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484
From: [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ Medium severity vuln found in [email protected]
Description: Timing Attack
Info: https://snyk.io/vuln/SNYK-JS-ELLIPTIC-511941
From: [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ High severity vuln found in [email protected]
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484
From: [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ Medium severity vuln found in [email protected]
Description: Prototype Pollution
Info: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
From: @parcel/[email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ Medium severity vuln found in [email protected]
Description: Prototype Pollution
Info: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
From: [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ Medium severity vuln found in [email protected]
Description: Remote Memory Exposure
Info: https://snyk.io/vuln/SNYK-JS-NODEADDONAPI-571001
From: [email protected] > [email protected] > [email protected]
✗ High severity vuln found in [email protected]
Description: Cross-site Scripting (XSS)
Info: https://snyk.io/vuln/SNYK-JS-SERIALIZETOJS-536958
From: [email protected] > [email protected]
✗ Medium severity vuln found in [email protected]
Description: Prototype Pollution
Info: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
From: [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ Medium severity issue found in [email protected]
Description: MPL-2.0 license
Info: https://snyk.io/vuln/snyk:lic:npm:mdn-data:MPL-2.0
From: [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
✗ Medium severity issue found in [email protected]
Description: MPL-2.0 license
Info: https://snyk.io/vuln/snyk:lic:npm:mdn-data:MPL-2.0
From: [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
```
🎛 Configuration (.babelrc, package.json, cli command)
n/a
🤔 Expected Behavior
Package vulnerabilities are resolved quickly
😯 Current Behavior
Many open vulnerabilities
💁 Possible Solution
npm audit fix
and use Snyk to test your code regularly (they have a free option for Open Source)
🔦 Context
n/a
💻 Code Sample
n/a
🌍 Your Environment
n/a