Closed atomist[bot] closed 3 years ago
This pull request fixes all 7 high security vulnerabilities open on a5617aa.
npm audit fix updated the following npm dependencies:
npm audit fix
@atomist/api-cljs
Following security vulnerability is fixed:
Prototype Pollution in node-forge Upgrade to version 0.10.0 or later high - < 0.10.0 - CVE-2020-7720 - automatic fix available
< 0.10.0
node-forge@0.9.2
@atomist/api-cljs > @atomist/skill-logging > @google-cloud/logging > @google-cloud/common > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @atomist/skill-logging > @google-cloud/logging > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @atomist/skill-logging > @google-cloud/logging > google-gax > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @google-cloud/pubsub > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @google-cloud/pubsub > google-gax > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @google-cloud/storage > @google-cloud/common > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @google-cloud/storage > gcs-resumable-upload > google-auth-library > gtoken > google-p12-pem > node-forge
Files changed:
package-lock.json
package.json
Pull request auto merged:
This pull request fixes all 7 high security vulnerabilities open on a5617aa.
npm audit fix
updated the following npm dependencies:@atomist/api-cljs
> 0.4.116Fixed vulnerabilities
Following security vulnerability is fixed:
node-forge
Prototype Pollution in node-forge Upgrade to version 0.10.0 or later high -
< 0.10.0
- CVE-2020-7720 - automatic fix availablenode-forge@0.9.2
- 7 vulnerable paths@atomist/api-cljs > @atomist/skill-logging > @google-cloud/logging > @google-cloud/common > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @atomist/skill-logging > @google-cloud/logging > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @atomist/skill-logging > @google-cloud/logging > google-gax > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @google-cloud/pubsub > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @google-cloud/pubsub > google-gax > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @google-cloud/storage > @google-cloud/common > google-auth-library > gtoken > google-p12-pem > node-forge
@atomist/api-cljs > @google-cloud/storage > gcs-resumable-upload > google-auth-library > gtoken > google-p12-pem > node-forge
Files changed:
package-lock.json
package.json