Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Critical vulnerability with criteo-direct-rsa-validate dependency #4851

Closed
shoutez opened this issue Feb 12, 2020 · 1 comment
Closed

Critical vulnerability with criteo-direct-rsa-validate dependency #4851

shoutez opened this issue Feb 12, 2020 · 1 comment

Comments

@shoutez
Copy link

shoutez commented Feb 12, 2020

Type of issue

Once npm audit is ran on the project, there is a critical vulnerability with a dependency of criteo-direct-rsa-validate.

Description

Critical vulnerability with js-yaml is documented at https://www.npmjs.com/advisories/788. When executing npm audit fix or npm audit fix --force the vulnerability problem is not fixed.

Screen Shot 2020-02-12 at 3 57 08 PM

Steps to reproduce

  1. Clone project
  2. Install dependencies by running npm install
  3. Run npm audit

Expected results

Run npm audit and don't receive any critical vulnerability message.

Actual results

Receiving critical vulnerability message when executing npm audit
leonardlabat added a commit to criteo-forks/Prebid.js that referenced this issue Feb 12, 2020
@leonardlabat
Updating criteo-direct-rsa-validate to 1.1.0 to fix issue prebid#4851
d6bec48
@leonardlabat leonardlabat mentioned this issue Feb 12, 2020
Merged
1 task
jsnellbaker pushed a commit that referenced this issue Feb 19, 2020
@leonardlabat
Updating criteo-direct-rsa-validate to 1.1.0 to fix issue #4851 (#4852)
7279255
@jsnellbaker
Copy link
Collaborator

The above PR addressed the reported issue; it will be part of Prebid 3.8.0

Closing this issue at this time.

hellsingblack pushed a commit to SublimeSkinz/Prebid.js that referenced this issue Mar 5, 2020
@leonardlabat @hellsingblack
Updating criteo-direct-rsa-validate to 1.1.0 to fix issue prebid#4851 (
1c126d9 
…prebid#4852)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shoutez @jsnellbaker