[THRIFT-4757] grunt-shell-spawn drags in sync-exec which has a security notice - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 0.12.0
Fix Version/s: 0.13.0
Component/s: JavaScript - Library
Labels:
- Security

Description

root@efc557466b90:/thrift/src/lib/js# npm audit

                       === npm audit security report ===


                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance


  Moderate        Tmp files readable by other users

  Package         sync-exec

  Patched in      No patch available

  Dependency of   grunt-shell-spawn [dev]

  Path            grunt-shell-spawn > sync-exec

  More info       https://nodesecurity.io/advisories/310

found 1 moderate severity vulnerability in 2788 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Attachments

Issue Links

links to

GitHub Pull Request #1715

Issue on GitHub

Activity

People

Assignee:: James E. King III

Reporter:: James E. King III

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Jan/19 20:38

Updated:: 16/Oct/19 22:27

Resolved:: 26/Jan/19 14:39

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

20m