atomist[bot]
commented
3 years ago Pull request auto merged:
- No reviews
- 1 successful check
Closed atomist[bot] closed 3 years ago
atomist[bot]
commented
3 years ago Pull request auto merged:
This pull request fixes all 7 high security vulnerabilities open on a5617aa.
npm audit fixupdated the following npm dependencies:@atomist/api-cljs> 0.4.116Fixed vulnerabilities
Following security vulnerability is fixed:
node-forge
Prototype Pollution in node-forge Upgrade to version 0.10.0 or later high -
< 0.10.0- CVE-2020-7720 - automatic fix availablenode-forge@0.9.2- 7 vulnerable paths@atomist/api-cljs > @atomist/skill-logging > @google-cloud/logging > @google-cloud/common > google-auth-library > gtoken > google-p12-pem > node-forge@atomist/api-cljs > @atomist/skill-logging > @google-cloud/logging > google-auth-library > gtoken > google-p12-pem > node-forge@atomist/api-cljs > @atomist/skill-logging > @google-cloud/logging > google-gax > google-auth-library > gtoken > google-p12-pem > node-forge@atomist/api-cljs > @google-cloud/pubsub > google-auth-library > gtoken > google-p12-pem > node-forge@atomist/api-cljs > @google-cloud/pubsub > google-gax > google-auth-library > gtoken > google-p12-pem > node-forge@atomist/api-cljs > @google-cloud/storage > @google-cloud/common > google-auth-library > gtoken > google-p12-pem > node-forge@atomist/api-cljs > @google-cloud/storage > gcs-resumable-upload > google-auth-library > gtoken > google-p12-pem > node-forgeFiles changed:
package-lock.jsonpackage.json