archived-codacy / node-codacy-coverage

Code Coverage reporter for Codacy
MIT License

Security Issue #50

Closed brunobelarmino closed 6 years ago

brunobelarmino commented 6 years ago

Hey guys,

I'm using retire.js to keep track of security issues for a project and I have found an issue in version 2.0.3 of the node-codacy-coverage lib. Below is the result of retire's scan:

growl 1.9.2 has known vulnerabilities: severity: high; summary: growl_command-injection; https://nodesecurity.io/advisories/146
multichannel.log 1.0.0
 ↳ codacy-coverage 2.0.3
  ↳ growl 1.9.2

growl 1.9.2 has known vulnerabilities: severity: high; summary: growl_command-injection; https://nodesecurity.io/advisories/146
multichannel.log 1.0.0
 ↳ codacy-coverage 2.0.3
  ↳ mocha 2.5.3
   ↳ growl 1.9.2

The solution is to update growl to version 1.10.2 or greater. Is there any plan to upgrade the project's dependencies?
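The dependency chains in the scan above can be reproduced from an installed tree. As an added example (not part of the original post or the project's code), this walks a tree shaped like `npm ls --json` output and lists every path to a growl version below 1.10.2; the function names and the sample tree are constructed for illustration.

```javascript
// Added example; names and sample data are illustrative, not from the project.
const FIXED = '1.10.2'; // growl version the issue names as the fix

// True when `version` sorts before `fixed` (numeric x.y.z comparison).
function isBelow(version, fixed) {
  const core = (v) => v.split('-')[0].split('.').map(Number);
  const a = core(version), b = core(fixed);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  // Same x.y.z: a pre-release such as 1.10.2-rc1 precedes the release.
  return version.includes('-') && !fixed.includes('-');
}

// Walk a tree shaped like `npm ls --json` and collect every chain that
// ends at `pkg` with a version below `fixed`.
function findVulnerablePaths(node, name, pkg, fixed, trail = []) {
  const here = trail.concat(`${name} ${node.version || '(missing)'}`);
  let hits = [];
  if (name === pkg && node.version && isBelow(node.version, fixed)) {
    hits.push(here);
  }
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    hits = hits.concat(findVulnerablePaths(dep, depName, pkg, fixed, here));
  }
  return hits;
}

// Constructed sample mirroring the versions in the scan output above.
const sampleTree = {
  name: 'multichannel.log', version: '1.0.0',
  dependencies: {
    'codacy-coverage': { version: '2.0.3', dependencies: {
      growl: { version: '1.9.2' },
      mocha: { version: '2.5.3', dependencies: { growl: { version: '1.9.2' } } },
    } },
  },
};

// One line per vulnerable chain, in the same arrow style retire.js prints.
function report(tree) {
  return findVulnerablePaths(tree, tree.name, 'growl', FIXED)
    .map((p) => p.join(' ↳ '));
}

console.log(report(sampleTree).join('\n'));
```

Both chains have to clear before the finding goes away: updating only the direct growl dependency still leaves the copy pulled in through mocha.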

rtfpessoa commented 6 years ago

fixed by #53