Open igor-savin-ht opened 6 years ago
Posting to get links/scores to the issues too. Anyone looking at this?
CVSS score | Dependency Path | Link |
---|---|---|
8.3 | aglio@2.3.0 => aglio-theme-olio@1.6.3 => jade@1.11.0 => transformers@2.1.0 => uglify-js@2.2.5 | https://nodesecurity.io/advisories/39 |
7.5 | aglio@2.3.0 => socket.io@1.7.4 => socket.io-client@1.7.4 => engine.io-client@1.8.5 => parsejson@0.0.3 | https://nodesecurity.io/advisories/528 |
7.5 | aglio@2.3.0 => aglio-theme-olio@1.6.3 => stylus@0.51.1 => glob@3.2.11 => minimatch@0.3.0 | https://nodesecurity.io/advisories/118 |
7.5 | aglio@2.3.0 => aglio-theme-olio@1.6.3 => markdown-it-anchor@2.7.1 => string@3.3.3 | https://nodesecurity.io/advisories/536 |
5.3 | aglio@2.3.0 => aglio-theme-olio@1.6.3 => jade@1.11.0 => transformers@2.1.0 => uglify-js@2.2.5 | https://nodesecurity.io/advisories/48 |
This is still an issue
Check my comment on https://github.com/danielgtaylor/aglio/issues/362#issuecomment-499086348, I have resolved this issue by updating dependencies on https://github.com/Gasol/aglio/commit/28f5e40922fb8c17858c8fc37b233dfaca17ebbd.
The nsp plugin reports the following vulnerable dependencies:
aglio@2.3.0 > aglio-theme-olio@1.6.3 > jade@1.11.0 > transformers@2.1.0 > uglify-js@2.2.5
aglio@2.3.0 > socket.io@1.7.4 > socket.io-client@1.7.4 > engine.io-client@1.8.4 > ws@1.1.2
aglio@2.3.0 > chokidar@1.7.0 > fsevents@1.1.3 > node-pre-gyp@0.6.39 > tar@2.2.1 > fstream@1.0.11 > rimraf@2.6.2 > glob@7.1.2 > minimatch@0.3.0
aglio@2.3.0 > socket.io@1.7.4 > engine.io@1.8.4 > ws@1.1.4
aglio@2.3.0 > aglio-theme-olio@1.6.3 > stylus@0.51.1 > glob@3.2.11 > minimatch@0.3.0
aglio@2.3.0 > socket.io@1.7.4 > socket.io-client@1.7.4 > engine.io-client@1.8.4 > parsejson@0.0.3
aglio@2.3.0 > aglio-theme-olio@1.6.3 > markdown-it-anchor@2.7.1 > string@3.3.3
aglio@2.3.0 > aglio-theme-olio@1.6.3 > jade@1.11.0 > transformers@2.1.0 > uglify-js@2.2.5
aglio@2.3.0 > socket.io@1.7.4 > socket.io-parser@2.3.1 > debug@2.2.0
aglio@2.3.0 > socket.io@1.7.4 > debug@2.3.3