You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drat.apache.org by GitBox <gi...@apache.org> on 2019/10/29 20:36:18 UTC

[GitHub] [drat] ottlinger opened a new issue #202: Fix security issue in set-value

ottlinger opened a new issue #202: Fix security issue in set-value
URL: https://github.com/apache/drat/issues/202
 
 
   I didn't find DRAT in the ASF jira thus I file this issue here:
   https://nvd.nist.gov/vuln/detail/CVE-2019-10747
   
   Remediation
   
   Upgrade set-value to version 2.0.1 or later. For example:
   
   ```
   "dependencies": {
     "set-value": ">=2.0.1"
   }
   ```
   
   or…
   
   ```
   "devDependencies": {
     "set-value": ">=2.0.1"
   }
   ```
   
   Always verify the validity and compatibility of suggestions with your codebase. 
   
   https://github.com/apache/drat/blob/master/webapps/proteus-new/src/main/webapp/resources/package-lock.json

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services