Known high severity security vulnerability detected in adm-zip

daostack / truffle-core

Core code for Truffle command line tool

MIT License

0 stars 0 forks source link

Known high severity security vulnerability detected in adm-zip #1

Open dkent600 opened 6 years ago

dkent600 commented 6 years ago

@orenyodfat

from GitHub:

Known high severity security vulnerability detected in adm-zip < 0.4.11

from arc.js:

npm list adm-zip @daostack/arc.js@0.0.0-alpha.77 C:\Users\dkent\Documents\Projects\GitHub\DAOStack\arc.js -- truffle-core-migrate-without-compile@4.0.7 -- truffle-box@1.0.5 -- github-download@0.5.0 -- adm-zip@0.4.7

dkent600 commented 6 years ago

Should run npm audit to ensure niceness. This doesn't appear to be the only security problem with the package (there are over 30 of them!).