You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@thrift.apache.org by "James E. King III (JIRA)" <ji...@apache.org> on 2019/01/26 12:34:00 UTC

[jira] [Assigned] (THRIFT-4757) grunt-shell-spawn drags in sync-exec which has a security notice

     [ https://issues.apache.org/jira/browse/THRIFT-4757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James E. King III reassigned THRIFT-4757:
-----------------------------------------

    Assignee: James E. King III

> grunt-shell-spawn drags in sync-exec which has a security notice
> ----------------------------------------------------------------
>
>                 Key: THRIFT-4757
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4757
>             Project: Thrift
>          Issue Type: Bug
>          Components: JavaScript - Library
>    Affects Versions: 0.12.0
>            Reporter: James E. King III
>            Assignee: James E. King III
>            Priority: Major
>
> {noformat}
> root@efc557466b90:/thrift/src/lib/js# npm audit
>                        === npm audit security report ===
>                                  Manual Review
>              Some vulnerabilities require your attention to resolve
>           Visit https://go.npm.me/audit-guide for additional guidance
>   Moderate        Tmp files readable by other users
>   Package         sync-exec
>   Patched in      No patch available
>   Dependency of   grunt-shell-spawn [dev]
>   Path            grunt-shell-spawn > sync-exec
>   More info       https://nodesecurity.io/advisories/310
> found 1 moderate severity vulnerability in 2788 scanned packages
>   1 vulnerability requires manual review. See the full report for details.
> {noformat}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)