envoyproxy / envoy-tools

Companion tooling for Envoy proxy
Apache License 2.0

update npm dependencies #8

Closed danielhochman closed 6 years ago

danielhochman commented 6 years ago

This should fix the GitHub security alert. There is one more outstanding npm audit warning that can't be resolved without an upstream fix. See https://github.com/substack/picture-tube/issues/13 for details.

$ npm audit
...
found 259 vulnerabilities (234 low, 21 moderate, 4 high) in 6527 scanned packages

$ npm audit fix --force

$ npm audit

                       === npm audit security report ===                        

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Remote Memory Exposure                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ request                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.68.0                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ blessed-contrib                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ blessed-contrib > picture-tube > request                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/309                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 moderate severity vulnerability in 6431 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Signed-off-by: Daniel Hochman <danielhochman@users.noreply.github.com>
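One way to keep a residual finding like this one visible after the update, as an added example that is not part of this pull request or of envoy-tools: a small gate over `npm audit --json` output that passes only when every remaining advisory has a recorded reason. It assumes the npm 6 JSON report layout (`actions`, `advisories`, `findings[].paths`); `triage`, `accepted` and the sample report are hypothetical, and the installed version in the sample is a placeholder.

```javascript
'use strict';

// Constructed sample mirroring the "Manual Review" finding shown above.
// The installed version is a labelled placeholder, not a value from the page.
const sampleReport = {
  actions: [
    { action: 'review', module: 'request',
      resolves: [{ id: 309, path: 'blessed-contrib>picture-tube>request', dev: false }] },
  ],
  advisories: {
    309: {
      id: 309, module_name: 'request', severity: 'moderate',
      title: 'Remote Memory Exposure', patched_versions: '>=2.68.0',
      findings: [{ version: '0.0.0-placeholder',
                   paths: ['blessed-contrib>picture-tube>request'] }],
    },
  },
};

// Hypothetical accepted-risk register: advisory id -> why it is still open.
const accepted = { 309: 'blocked upstream: https://github.com/substack/picture-tube/issues/13' };

const RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Returns one row per advisory plus the rows that should fail the build:
// at or above `failAt` severity and without a recorded acceptance.
function triage(report, acceptedRisks, failAt = 'moderate') {
  const manual = new Set();
  for (const a of report.actions || []) {
    if (a.action === 'review') for (const r of a.resolves) manual.add(r.id);
  }
  const rows = Object.values(report.advisories || {}).map((adv) => {
    const paths = adv.findings.flatMap((f) => f.paths);
    return {
      id: adv.id, module: adv.module_name, severity: adv.severity,
      patched: adv.patched_versions,
      // The first path segment is the direct dependency the project controls.
      direct: [...new Set(paths.map((p) => p.split('>')[0]))],
      needsManualReview: manual.has(adv.id),
      accepted: acceptedRisks[adv.id] || null,
    };
  });
  const blocking = rows.filter(
    (r) => !r.accepted && RANK[r.severity] >= RANK[failAt]);
  return { rows, blocking, ok: blocking.length === 0 };
}
```

With the acceptance entry removed, the same report fails the gate, which is the signal to revisit the advisory once the upstream package ships a fix.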

danielhochman commented 6 years ago

(tested manually)

htuch commented 6 years ago

@danielhochman thanks!