Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2019/02/16 01:44:33 UTC

[GitHub] jon-wei opened a new pull request #7083: Update handlebars dep to patch vulnerability

URL: https://github.com/apache/incubator-druid/pull/7083
 
 
   I saw the following message during a build:
   
   ```
   [INFO] added 1153 packages from 1222 contributors and audited 91849 packages in 10.626s
   [INFO] found 1 high severity vulnerability
   [INFO]   run `npm audit fix` to fix them, or `npm audit` for details
   ```
   
   
   `npm audit` reports the following:
   
   ```
   $ npm audit
                                                                                   
                          === npm audit security report ===                        
                                                                                   
   # Run  npm update handlebars --depth 5  to resolve 1 vulnerability
   ┌───────────────┬──────────────────────────────────────────────────────────────┐
   │ High          │ Prototype Pollution                                          │
   ├───────────────┼──────────────────────────────────────────────────────────────┤
   │ Package       │ handlebars                                                   │
   ├───────────────┼──────────────────────────────────────────────────────────────┤
   │ Dependency of │ jest [dev]                                                   │
   ├───────────────┼──────────────────────────────────────────────────────────────┤
   │ Path          │ jest > jest-cli > istanbul-api > istanbul-reports >          │
   │               │ handlebars                                                   │
   ├───────────────┼──────────────────────────────────────────────────────────────┤
   │ More info     │ https://nodesecurity.io/advisories/755                       │
   └───────────────┴──────────────────────────────────────────────────────────────┘
   found 1 high severity vulnerability in 91849 scanned packages
     run `npm audit fix` to fix 1 of them.
   
   ```
   
   This patch is the fix applied by `npm audit fix`.
