IBM / node-ibmapm-restclient

Node.js rest client for ICAM.
Apache License 2.0
1 stars 9 forks

npm audit identifies critical vulnerabilities #4

Closed mattcolegate closed 4 years ago

mattcolegate commented 4 years ago

Whilst investigating https://github.com/RuntimeTools/appmetrics/issues/633, I identified this package as requiring a level of https-proxy-agent with a known Man-In-The-Middle attack. Running npm audit found a total of 57 vulnerabilities (2 low, 1 moderate, 52 high, 2 critical). Please can these vulnerabilities be fixed?

yuecchen commented 4 years ago

fixed with commit 7200d87bedc69596f35b6d1604046ae7a49fffb9

mattcolegate commented 4 years ago

There are still 57 vulnerabilities (2 low, 1 moderate, 52 high, 2 critical). Please run npm install followed by npm audit to see them all.

yuecchen commented 4 years ago

I ran npm install with the following package dependencies:

"dependencies": {
    "appmetrics": "^5.0.0",
    "https-proxy-agent": "^2.2.1",
    "kubernetes-client": "^3.16.0",
    "log4js": "^4.5.1",
    "properties": "^1.2.1",
    "properties-reader": "0.0.16",
    "request": "^2.72.0",
    "tcp-ping": "^0.1.1",
    "uuid": "^2.0.2",
    "zipkin": "0.10.1",
    "zipkin-context-cls": "0.6.1",
    "zipkin-transport-http": "0.10.1"
}

Then I ran npm audit and got the following result:

[root@joycevm1 buildgreenfield]# npm audit

                       === npm audit security report ===

found 0 vulnerabilities
 in 631 scanned packages

Two copies of https-proxy-agent will be installed: one through my package.json, where 2.2.4 will be installed, and another through appmetrics -> ibmapm-restclient, where 4.0.0 will be installed.

Neither version is vulnerable.
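The comment above describes why one package.json can end up with two copies of https-proxy-agent: npm 6 nests each dependency's own transitive dependencies under it in package-lock.json, so the direct 2.2.4 and the 4.0.0 reached through appmetrics -> ibmapm-restclient coexist, and npm audit must clear both. The script below is an added example, not code from the ibmapm-restclient repository or from either participant; it walks a constructed lockfileVersion 1 tree mirroring the thread, lists every installed copy of a package with the path that pulled it in, and flags copies below an assumed first-patched version. The 2.2.3 floor used for the https-proxy-agent advisory is an assumption for the example; the lockfile fragment is constructed from the versions quoted in the issue.

```javascript
// Added example (not code from the ibmapm-restclient repository or from the
// issue participants): find every copy of a package that a lockfile would
// install and flag the ones below an assumed patched version.
//
// npm 6 lockfiles (lockfileVersion 1) nest transitive dependencies under
// each dependency's own "dependencies" key, which is exactly how one
// package.json can pull in two different https-proxy-agent versions.

// Constructed lockfile fragment mirroring the tree described in the issue:
// a direct https-proxy-agent, plus another one reached through
// appmetrics -> ibmapm-restclient. Versions are taken from the thread.
const SAMPLE_LOCK = {
  name: "buildgreenfield",
  lockfileVersion: 1,
  dependencies: {
    "https-proxy-agent": { version: "2.2.4" },
    "appmetrics": {
      version: "5.0.0",
      dependencies: {
        "ibmapm-restclient": {
          version: "19.12.1",
          dependencies: {
            "https-proxy-agent": { version: "4.0.0" }
          }
        }
      }
    }
  }
};

// Walk the nested tree and collect every installed copy of `target`,
// together with the dependency path that pulled it in.
function findInstalledVersions(lock, target) {
  const found = [];
  function walk(deps, path) {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = [...path, name];
      if (name === target) {
        found.push({ path: here.join(" -> "), version: entry.version });
      }
      walk(entry.dependencies, here);
    }
  }
  walk(lock.dependencies, []);
  return found;
}

// Minimal numeric comparison of "major.minor.patch" strings; enough for
// the release versions in a lockfile (pre-release tags are not handled).
// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// A copy is flagged when its version is below `fixedIn`, the first patched
// release. 2.2.3 is assumed below as the floor for the https-proxy-agent
// MITM advisory; confirm the value against the advisory before relying on it.
function vulnerableCopies(lock, target, fixedIn) {
  return findInstalledVersions(lock, target)
    .filter(c => compareVersions(c.version, fixedIn) < 0);
}

// Stand-alone run: the tree from the issue has two copies, both patched.
if (typeof require !== "undefined" && require.main === module) {
  const copies = findInstalledVersions(SAMPLE_LOCK, "https-proxy-agent");
  for (const c of copies) console.log(`${c.path}: ${c.version}`);
  const bad = vulnerableCopies(SAMPLE_LOCK, "https-proxy-agent", "2.2.3");
  console.log(bad.length ? "vulnerable copies found" : "no vulnerable copies");
}
```

Against a real project, load package-lock.json with `JSON.parse(fs.readFileSync(...))` in place of SAMPLE_LOCK; the point of walking the whole tree rather than only top-level dependencies is that a vulnerable copy pulled in three levels down is still installed and still reachable at runtime, which is why the original report persisted after the direct dependency was bumped.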

yuecchen commented 4 years ago

[root@joycevm1 test]# npm install ibmapm-restclient
+ ibmapm-restclient@19.12.1
updated 1 package and audited 826 packages in 2.451s
found 0 vulnerabilities