nytimes / kyt

Starting a new JS app? Build, test and run advanced apps with kyt 🔥
https://open.nytimes.com/introducing-kyt-our-web-app-configuration-toolkit-9ccddf6f6988

Upgrade dependencies that depend on `negotiator` and `tough-cookie` #72

Closed coolov closed 7 years ago

coolov commented 8 years ago

Ran a snyk scan and found some vulnerabilities

✗ High severity vulnerability found on negotiator@0.5.3
- desc: Regular Expression Denial of Service
- info: https://snyk.io/vuln/npm:negotiator:20160616
- from: newsreader@null > express@4.13.4 > accepts@1.2.13 > negotiator@0.5.3
Upgrade direct dependency express@4.13.4 to express@4.14.0 (triggers upgrades to accepts@1.3.3 > negotiator@0.6.1)

✗ High severity vulnerability found on negotiator@0.5.3
- desc: Regular Expression Denial of Service
- info: https://snyk.io/vuln/npm:negotiator:20160616
- from: newsreader@null > kyt@0.0.1 > webpack-dev-server@2.1.0-beta.0 > express@4.13.4 > accepts@1.2.13 > negotiator@0.5.3
No direct dependency upgrade can address this issue.
Run `snyk wizard` to explore remediation options.

✗ High severity vulnerability found on tough-cookie@2.2.2
- desc: ReDoS via long string of semicolons
- info: https://snyk.io/vuln/npm:tough-cookie:20160722
- from: newsreader@null > kyt@0.0.1 > chokidar@1.6.0 > fsevents@1.0.14 > node-pre-gyp@0.6.29 > request@2.73.0 > tough-cookie@2.2.2
Your dependencies are out of date, otherwise you would be using a newer tough-cookie than tough-cookie@2.2.2.
Try deleting node_modules, reinstalling and running `snyk test` again.
If the problem persists, one of your dependencies may be bundling outdated modules.

✗ High severity vulnerability found on tough-cookie@2.2.2
- desc: ReDoS via long string of semicolons
- info: https://snyk.io/vuln/npm:tough-cookie:20160722
- from: newsreader@null > kyt@0.0.1 > babel-cli@6.11.4 > chokidar@1.6.0 > fsevents@1.0.14 > node-pre-gyp@0.6.29 > request@2.73.0 > tough-cookie@2.2.2
Your dependencies are out of date, otherwise you would be using a newer tough-cookie than tough-cookie@2.2.2.
Try deleting node_modules, reinstalling and running `snyk test` again.
If the problem persists, one of your dependencies may be bundling outdated modules.

✗ High severity vulnerability found on tough-cookie@2.2.2
- desc: ReDoS via long string of semicolons
- info: https://snyk.io/vuln/npm:tough-cookie:20160722
- from: newsreader@null > kyt@0.0.1 > ava@0.15.2 > chokidar@1.6.0 > fsevents@1.0.14 > node-pre-gyp@0.6.29 > request@2.73.0 > tough-cookie@2.2.2
Your dependencies are out of date, otherwise you would be using a newer tough-cookie than tough-cookie@2.2.2.
Try deleting node_modules, reinstalling and running `snyk test` again.
If the problem persists, one of your dependencies may be bundling outdated modules.

✗ High severity vulnerability found on tough-cookie@2.2.2
- desc: ReDoS via long string of semicolons
- info: https://snyk.io/vuln/npm:tough-cookie:20160722
- from: newsreader@null > kyt@0.0.1 > webpack@2.1.0-beta.21 > watchpack@1.1.0 > chokidar@1.6.0 > fsevents@1.0.14 > node-pre-gyp@0.6.29 > request@2.73.0 > tough-cookie@2.2.2
Your dependencies are out of date, otherwise you would be using a newer tough-cookie than tough-cookie@2.2.2.
Try deleting node_modules, reinstalling and running `snyk test` again.
If the problem persists, one of your dependencies may be bundling outdated modules.

Tested 967 dependencies for known vulnerabilities, found 2 vulnerabilities, 6 vulnerable paths.

Run `snyk wizard` to address these issues.
delambo commented 7 years ago

These dependencies have been updated since.