fecgov / fec-cms

The content management system (CMS) for the new Federal Election Commission website.
https://www.fec.gov

Denial of Service in mem #3225

Open jason-upchurch opened 4 years ago

jason-upchurch commented 4 years ago

Summary

Medium severity vulnerability found in mem
Description: Denial of Service (DoS)
Info: https://snyk.io/vuln/npm:mem:20180117
Introduced through: webpack@3.12.0
From: webpack@3.12.0 > yargs@8.0.2 > os-locale@2.1.0 > mem@1.1.0

Remediation: Upgrade direct dependency webpack@3.12.0 to webpack@4.0.0 (triggers upgrades to webpack@4.0.0)

rfultz commented 4 years ago

😆 DISCLOSED 17 Jan 2018 PUBLISHED 29 Aug 2018

rfultz commented 4 years ago

Looking into it, I think it's fine to decrease the priority of this for us. It might be important to address just so it's not outstanding, but we're only using mem for webpack, which builds our code and then that code is tested and deployed to the server. Being that "mem is an optimization used to speed up consecutive function calls by caching the result of calls with identical input", it's only being used when we npm run build or npm run build-production to generate our front-end assets.
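The triage above rests on one question: does the flagged package sit only under a devDependency (build tooling) or is it reachable from runtime code? The script below is an added example, not code from the fec-cms project or from the commenter, that answers that question from a lockfile. It uses a constructed, simplified package.json and a constructed npm v1-style package-lock.json (all packages hoisted to the top level) built around the dependency chain quoted in the issue; `findPaths` and `triage` are names chosen for this example.

```javascript
// Added example (not from the fec-cms repository): triage a transitive
// dependency advisory by locating every path from the project's direct
// dependencies to the flagged package and checking whether all of them run
// through devDependencies (build-time only) or whether some reach runtime code.

// CONSTRUCTED package.json fragment: one runtime dependency, one build dependency.
const packageJson = {
  dependencies: { express: "^4.16.0" },
  devDependencies: { webpack: "^3.12.0" },
};

// CONSTRUCTED lockfile in the shape of an npm v1 package-lock.json with all
// packages hoisted to the top level. `requires` gives the edges; `dev: true`
// marks packages that npm resolved only for devDependencies. The chain is the
// one quoted in the issue: webpack@3.12.0 > yargs@8.0.2 > os-locale@2.1.0 > mem@1.1.0
const packageLock = {
  dependencies: {
    express:     { version: "4.16.3", requires: {} },
    webpack:     { version: "3.12.0", dev: true, requires: { yargs: "8.0.2" } },
    yargs:       { version: "8.0.2",  dev: true, requires: { "os-locale": "2.1.0" } },
    "os-locale": { version: "2.1.0",  dev: true, requires: { mem: "1.1.0" } },
    mem:         { version: "1.1.0",  dev: true, requires: {} },
  },
};

// Depth-first search over the hoisted `requires` graph. Returns every path
// (as arrays of {name, version}) from one of `directDeps` down to `target`.
// `seen` guards against cycles, which real dependency graphs can contain.
function findPaths(lock, directDeps, target) {
  const paths = [];
  function walk(name, path, seen) {
    const entry = lock.dependencies[name];
    if (!entry || seen.has(name)) return; // unknown package or cycle
    const next = path.concat({ name, version: entry.version });
    if (name === target) {
      paths.push(next);
      return;
    }
    const nextSeen = new Set(seen).add(name);
    for (const child of Object.keys(entry.requires || {})) walk(child, next, nextSeen);
  }
  for (const name of directDeps) walk(name, [], new Set());
  return paths;
}

// Classify the advisory. It is build-time only when no path starts at a
// runtime dependency, at least one path starts at a devDependency, and every
// package on those dev paths is flagged `dev: true` in the lockfile.
function triage(pkg, lock, target) {
  const runtimeRoots = Object.keys(pkg.dependencies || {});
  const devRoots = Object.keys(pkg.devDependencies || {});
  const runtimePaths = findPaths(lock, runtimeRoots, target);
  const devPaths = findPaths(lock, devRoots, target);
  const allDevFlagged = devPaths.every((p) =>
    p.every((step) => lock.dependencies[step.name].dev === true)
  );
  const render = (p) => p.map((s) => `${s.name}@${s.version}`).join(" > ");
  return {
    target,
    reachableAtRuntime: runtimePaths.length > 0,
    buildTimeOnly: runtimePaths.length === 0 && devPaths.length > 0 && allDevFlagged,
    paths: runtimePaths.concat(devPaths).map(render),
  };
}

console.log(JSON.stringify(triage(packageJson, packageLock, "mem"), null, 2));
```

For `mem` the result reports `reachableAtRuntime: false` and `buildTimeOnly: true` with the single path quoted in the issue, which is the basis for lowering the priority. On a real checkout, `npm ls mem` prints the same paths from the installed tree; the script is useful when you want the dev/runtime classification as data rather than reading it off by hand.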

rfultz commented 4 years ago

We're moving this to blocked by the Webpack 4 upgrade because it's such a low priority for us and because we're waiting for other orgs to prioritize and address this issue.