Uploaded image for project: 'Flagon'
  1. Flagon
  2. FLAGON-422 Update NPM modules to fix prototype pollution issues in npm packages
  3. FLAGON-423

Update Package File to Fix Down Stream Dependencies

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • UserALE.js 2.0.2
    • UserALE.js 2.0.2
    • UserALE.js
    • None
    • node.js
    • Patch, Important

    Description

      Because the Prototype Pollution vulnerability is so pervasive, npm is rolling back their "immutable" registry policy to allow for fixes to previous versions of ubiquitous dependencies (set-value, mixit, lodash). These fixes will bubble up to existing versions of major userale.js dev dependencies (gulp, nodemon, babel, etc., etc.). However, as the registry will accept changes to prior versions of dependencies, the hashes on these dependencies will change. This requires that we regenerate our package.json file. 

      Attachments

        Issue Links

          is a child of

          Bug - A problem which impairs or prevents the functions of the product. FLAGON-422 Update NPM modules to fix prototype pollution issues in npm packages

          • Major - Major loss of function.
          • Closed

          Activity

            People

              poorejc@me.com Joshua Poore
              poorejc@me.com Joshua Poore
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: