kintesh / containerise

Firefox extension to automatically open websites in a container
MIT License

(Almost) fix the audit #126

Closed mircohacker closed 4 years ago

mircohacker commented 4 years ago

A red audit breaks the current build script. Therefore, this PR aims to make the audit as green as possible.

Updates the packages jest and web-ext to contain no or fewer vulnerabilities. Also ran npm audit fix to fix ~38000 low, 21 moderate and 4 critical vulnerabilities.

The remaining vulnerability is in minimist and not yet fixed upstream in web-ext. npm shrinkwrap should be able to fix this. But I'd rather wait some time for web-ext to fix this upstream as the vulnerabilities are only low severity.

                       === npm audit security report ===                        

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ web-ext [dev]                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ web-ext > chrome-launcher > mkdirp > minimist                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ web-ext [dev]                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ web-ext > mkdirp > minimist                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 low severity vulnerabilities in 262921 scanned packages
  2 vulnerabilities require manual review. See the full report for details.
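
How to read the "Patched in" range from the report above, as an added example that is not part of the PR or the project's code: the range has two branches, so 0.x releases below 0.2.1 and 1.x releases below 1.2.3 both remain affected. The resolved versions in the sample are constructed, since the report does not show which minimist versions are installed, and the range parser is hand-rolled and handles only the comparator syntax this advisory uses.

```javascript
// Added example: evaluates the advisory's "Patched in" range by hand.
// Supports only the syntax that range uses: comparators joined by
// spaces (AND) and "||" (OR), with plain x.y.z versions (no prerelease tags).
const PATCHED = ">=0.2.1 <1.0.0 || >=1.2.3"; // copied from the audit report

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Returns -1, 0 or 1, comparing major, then minor, then patch.
function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

const OPS = {
  ">=": (c) => c >= 0, ">": (c) => c > 0,
  "<=": (c) => c <= 0, "<": (c) => c < 0, "=": (c) => c === 0,
};

// True when the version matches at least one "||" branch in full.
function satisfies(version, range) {
  return range.split("||").some((set) =>
    set.trim().split(/\s+/).every((cmp) => {
      const m = /^(>=|<=|>|<|=)?(.+)$/.exec(cmp);
      return OPS[m[1] || "="](compare(version, m[2]));
    })
  );
}

// Constructed sample: the two paths are from the report; the versions are
// hypothetical stand-ins for what a lockfile would pin.
const resolved = [
  { path: "web-ext > chrome-launcher > mkdirp > minimist", version: "0.0.8" },
  { path: "web-ext > mkdirp > minimist", version: "1.2.0" },
];

function unpatched(entries, range = PATCHED) {
  return entries.filter((e) => !satisfies(e.version, range));
}

for (const e of unpatched(resolved)) {
  console.log(`still vulnerable: minimist@${e.version} via ${e.path}`);
}
```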