arobson / rabbot

Deprecated: Please see https://github.com/Foo-Foo-MQ/foo-foo-mq
MIT License

Vulnerabilities in Dependencies #195

Closed Ibrahimtrrc closed 4 years ago

Ibrahimtrrc commented 5 years ago

When you install rabbot (`npm install rabbot`) you will have 6 vulnerabilities (3 low, 3 moderate). Here is the result of npm audit:

```
Moderate        Prototype Pollution
Package         lodash
Patched in      >=4.17.11
Dependency of   rabbot
Path            rabbot > machina > lodash
More info       https://npmjs.com/advisories/782

Moderate        Prototype Pollution
Package         lodash
Patched in      >=4.17.11
Dependency of   rabbot
Path            rabbot > monologue.js > lodash
More info       https://npmjs.com/advisories/782

Moderate        Prototype Pollution
Package         lodash
Patched in      >=4.17.11
Dependency of   rabbot
Path            rabbot > monologue.js > riveter > lodash
More info       https://npmjs.com/advisories/782

Low             Prototype Pollution
Package         lodash
Patched in      >=4.17.5
Dependency of   rabbot
Path            rabbot > machina > lodash
More info       https://npmjs.com/advisories/577

Low             Prototype Pollution
Package         lodash
Patched in      >=4.17.5
Dependency of   rabbot
Path            rabbot > monologue.js > lodash
More info       https://npmjs.com/advisories/577

Low             Prototype Pollution
Package         lodash
Patched in      >=4.17.5
Dependency of   rabbot
Path            rabbot > monologue.js > riveter > lodash
More info       https://npmjs.com/advisories/577

found 6 vulnerabilities (3 low, 3 moderate) in 33 scanned packages
  6 vulnerabilities require manual review. See the full report for details.
```
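
One way to check an installed tree against the "Patched in" bounds in the audit output above (an added example, not part of the original issue or of the rabbot project). It assumes a tree in the shape printed by `npm ls --json`; the name `my-app`, the function names and the lodash versions in the sample are constructed for illustration.

```javascript
// Compare plain x.y.z versions numerically (a string compare would rank
// '4.17.4' above '4.17.11'). Negative result means a < b. No pre-release tags.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Walk a dependency tree and collect every path that resolves pkgName
// to a version below patchedVersion.
function findUnpatched(tree, pkgName, patchedVersion) {
  const hits = [];
  (function walk(node, path) {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const here = [...path, name];
      if (name === pkgName && dep.version &&
          compareVersions(dep.version, patchedVersion) < 0) {
        hits.push({ path: here.join(' > '), version: dep.version });
      }
      walk(dep, here);
    }
  })(tree, []);
  return hits;
}

// Constructed sample: intermediate versions omitted, lodash versions made up.
const sampleTree = {
  name: 'my-app',
  dependencies: {
    rabbot: { dependencies: {
      machina: { dependencies: { lodash: { version: '4.17.4' } } },
      'monologue.js': { dependencies: {
        lodash: { version: '4.17.10' },
        riveter: { dependencies: { lodash: { version: '4.17.11' } } },
      } },
    } },
  },
};

console.log(findUnpatched(sampleTree, 'lodash', '4.17.11'));
```

Because each nested copy of lodash is resolved separately, every path has to be checked on its own; one patched copy does not clear the others.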

Ibrahimtrrc commented 4 years ago

This is not maintained anymore, right?

djMax commented 4 years ago

It does not appear to be. But we are still users of it. So I suppose I should consider forking it.

doubliez commented 4 years ago

Same here, we are using this library and need to have these vulnerabilities fixed. Will probably fork it too if this is truly not maintained anymore.

zlintz commented 4 years ago

I am starting the process of a forked version and plan to maintain it. If interested, see https://github.com/zlintz/foo-foo-mq https://github.com/Foo-Foo-MQ/foo-foo-mq

zlintz commented 4 years ago

I have released a version of this with the vulnerable dependencies addressed. https://github.com/Foo-Foo-MQ/foo-foo-mq

arobson commented 4 years ago

hi @zlintz - thanks for forking this and continuing to keep it working for folks who would like to use this. I've marked this repo as deprecated and directed folks your way. 💯

zlintz commented 4 years ago

Thank you @arobson, if you would like to stay involved please let me know.