Skip to content
This repository has been archived by the owner on Jul 31, 2020. It is now read-only.

Update tape-run to address open-redirect issue in ecstatic #307

Closed
jumde opened this issue Apr 30, 2019 · 2 comments
Closed

Update tape-run to address open-redirect issue in ecstatic #307

jumde opened this issue Apr 30, 2019 · 2 comments
Assignees
@jumde

Comments

@jumde
Copy link
Contributor

jumde commented Apr 30, 2019 

03:12:30 npm audit
03:12:36 === npm audit security report ===                        
03:12:36                                                                                 
03:12:36 # Run  npm update ecstatic --depth 4  to resolve 1 vulnerability
03:12:36 ┌───────────────┬──────────────────────────────────────────────────────────────┐
03:12:36 │ High          │ Open Redirect                                                │
03:12:36 ├───────────────┼──────────────────────────────────────────────────────────────┤
03:12:36 │ Package       │ ecstatic                                                     │
03:12:36 ├───────────────┼──────────────────────────────────────────────────────────────┤
03:12:36 │ Dependency of │ tape-run [dev]                                               │
03:12:36 ├───────────────┼──────────────────────────────────────────────────────────────┤
03:12:36 │ Path          │ tape-run > browser-run > electron-stream > ecstatic          │
03:12:36 ├───────────────┼──────────────────────────────────────────────────────────────┤
03:12:36 │ More info     │ https://nodesecurity.io/advisories/830                       │
03:12:36 └───────────────┴──────────────────────────────────────────────────────────────┘
03:12:36 
03:12:36 
03:12:36 ┌──────────────────────────────────────────────────────────────────────────────┐
03:12:36 │                                Manual Review                                 │
03:12:36 │            Some vulnerabilities require your attention to resolve            │
03:12:36 │                                                                              │
03:12:36 │         Visit https://go.npm.me/audit-guide for additional guidance          │
03:12:36 └──────────────────────────────────────────────────────────────────────────────┘
03:12:36 ┌───────────────┬──────────────────────────────────────────────────────────────┐
03:12:36 │ High          │ Open Redirect                                                │
03:12:36 ├───────────────┼──────────────────────────────────────────────────────────────┤
03:12:36 │ Package       │ ecstatic                                                     │
03:12:36 ├───────────────┼──────────────────────────────────────────────────────────────┤
03:12:36 │ Patched in    │ >=4.1.2                                                      │
03:12:36 ├───────────────┼──────────────────────────────────────────────────────────────┤
03:12:36 │ Dependency of │ tape-run [dev]                                               │
03:12:36 ├───────────────┼──────────────────────────────────────────────────────────────┤
03:12:36 │ Path          │ tape-run > browser-run > ecstatic                            │
03:12:36 ├───────────────┼──────────────────────────────────────────────────────────────┤
03:12:36 │ More info     │ https://nodesecurity.io/advisories/830                       │
03:12:36 └───────────────┴──────────────────────────────────────────────────────────────┘
@jumde jumde self-assigned this Apr 30, 2019
@bsclifton bsclifton mentioned this issue May 2, 2019
Merged
@juliangruber
Copy link

tape-run@6.0.0 with updated ecstatic dependency has been shipped 👍

@diracdeltas
Copy link
Member

fixed! pushing now :)

diracdeltas added a commit that referenced this issue May 2, 2019
@diracdeltas
Fix tape run and rerun npm install
725d376 
Fix #307
bsclifton pushed a commit that referenced this issue May 3, 2019
@diracdeltas @bsclifton
Fix tape run and rerun npm install
9b10ade 
Fix #307
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jumde jumde

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@juliangruber @diracdeltas @jumde