mattcolegate closed 4 years ago
fixed with commit 7200d87bedc69596f35b6d1604046ae7a49fffb9
There are still 57 vulnerabilities (2 low, 1 moderate, 52 high, 2 critical). Please run npm install followed by npm audit to see them all.
I run npm install with the following package dependencies:
"dependencies": {
  "appmetrics": "^5.0.0",
  "https-proxy-agent": "^2.2.1",
  "kubernetes-client": "^3.16.0",
  "log4js": "^4.5.1",
  "properties": "^1.2.1",
  "properties-reader": "0.0.16",
  "request": "^2.72.0",
  "tcp-ping": "^0.1.1",
  "uuid": "^2.0.2",
  "zipkin": "0.10.1",
  "zipkin-context-cls": "0.6.1",
  "zipkin-transport-http": "0.10.1"
}
Then run npm audit and get the following result:
[root@joycevm1 buildgreenfield]# npm audit
=== npm audit security report ===
found 0 vulnerabilities
in 631 scanned packages
Two https-proxy-agent versions will be installed: one through my package.json (2.2.4 will be installed), and another through appmetrics->ibmapm-restclient (4.0.0 will be installed). Both versions are not vulnerable.
[root@joycevm1 test]# npm install ibmapm-restclient
+ ibmapm-restclient@19.12.1
updated 1 package and audited 826 packages in 2.451s
found 0 vulnerabilities
Whilst investigating https://github.com/RuntimeTools/appmetrics/issues/633, I identified this package as requiring a level of https-proxy-agent with a known Man-In-The-Middle attack. Running npm audit found a total of 57 vulnerabilities (2 low, 1 moderate, 52 high, 2 critical). Please can these vulnerabilities be fixed?