pinntech / gulp-node-slate

node-slate as a gulp task
MIT License

Consider replacing dependency "node-slate" with "whiteboard" #5

Open dpilafian opened 6 years ago

dpilafian commented 6 years ago

node-slate: A fork of a dead project that is a node implementation of Slate. https://github.com/center-key/node-slate

whiteboard: A project closing in on a thousand stars that is a node implementation of Slate. https://github.com/mpociot/whiteboard

...or make node-slate a fork of whiteboard.

Lemmmy commented 6 years ago

I think this should be fast-tracked, as gulp-node-slate's outdated/abandoned dependencies are the source of almost all security vulnerabilities in my project. From npm audit:

High           Regular Expression Denial of Service
Package        minimatch
Patched in     >=3.0.2
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp > vinyl-fs > glob-stream > glob > minimatch
More info      https://nodesecurity.io/advisories/118

High           Regular Expression Denial of Service
Package        minimatch
Patched in     >=3.0.2
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp > vinyl-fs > glob-stream > minimatch
More info      https://nodesecurity.io/advisories/118

High           Regular Expression Denial of Service
Package        minimatch
Patched in     >=3.0.2
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-htmlhint > htmlhint > jshint > minimatch
More info      https://nodesecurity.io/advisories/118

High           Regular Expression Denial of Service
Package        minimatch
Patched in     >=3.0.2
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch
More info      https://nodesecurity.io/advisories/118

High           Regular Expression Denial of Service
Package        minimatch
Patched in     >=3.0.2
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch
More info      https://nodesecurity.io/advisories/118

High           Regular Expression Denial of Service
Package        minimatch
Patched in     >=3.0.2
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-htmlhint > htmlhint > jshint > cli > glob > minimatch
More info      https://nodesecurity.io/advisories/118

Moderate       Prototype pollution
Package        hoek
Patched in     > 4.2.0 < 5.0.0 >= 5.0.3
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-sass > node-sass > request > hawk > boom > hoek
More info      https://nodesecurity.io/advisories/566

Moderate       Prototype pollution
Package        hoek
Patched in     > 4.2.0 < 5.0.0 >= 5.0.3
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-sass > node-sass > request > hawk > cryptiles > boom > hoek
More info      https://nodesecurity.io/advisories/566

Moderate       Prototype pollution
Package        hoek
Patched in     > 4.2.0 < 5.0.0 >= 5.0.3
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-sass > node-sass > request > hawk > hoek
More info      https://nodesecurity.io/advisories/566

Moderate       Prototype pollution
Package        hoek
Patched in     > 4.2.0 < 5.0.0 >= 5.0.3
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-sass > node-sass > request > hawk > sntp > hoek
More info      https://nodesecurity.io/advisories/566

Moderate       Prototype pollution
Package        hoek
Patched in     > 4.2.0 < 5.0.0 >= 5.0.3
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > node-sass > request > hawk > boom > hoek
More info      https://nodesecurity.io/advisories/566

Moderate       Prototype pollution
Package        hoek
Patched in     > 4.2.0 < 5.0.0 >= 5.0.3
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > node-sass > request > hawk > cryptiles > boom > hoek
More info      https://nodesecurity.io/advisories/566

Moderate       Prototype pollution
Package        hoek
Patched in     > 4.2.0 < 5.0.0 >= 5.0.3
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > node-sass > request > hawk > hoek
More info      https://nodesecurity.io/advisories/566

Moderate       Prototype pollution
Package        hoek
Patched in     > 4.2.0 < 5.0.0 >= 5.0.3
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > node-sass > request > hawk > sntp > hoek
More info      https://nodesecurity.io/advisories/566

Critical       Command Injection
Package        open
Patched in     No patch available
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-open > open
More info      https://nodesecurity.io/advisories/663

Moderate       Regular Expression Denial of Service
Package        mime
Patched in     >= 1.4.1 < 2.0.0 >= 2.0.3
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent > form-data > mime
More info      https://nodesecurity.io/advisories/535

Moderate       Regular Expression Denial of Service
Package        mime
Patched in     >= 1.4.1 < 2.0.0 >= 2.0.3
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent > mime
More info      https://nodesecurity.io/advisories/535

Low            Prototype Pollution
Package        lodash
Patched in     >=4.17.5
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp > vinyl-fs > glob-watcher > gaze > globule > lodash
More info      https://nodesecurity.io/advisories/577

Low            Prototype Pollution
Package        lodash
Patched in     >=4.17.5
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-htmlhint > htmlhint > jshint > lodash
More info      https://nodesecurity.io/advisories/577

Low            Prototype Pollution
Package        lodash
Patched in     >=4.17.5
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > jshint > lodash
More info      https://nodesecurity.io/advisories/577

Moderate       Memory Exposure
Package        tunnel-agent
Patched in     >=0.6.0
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-sass > node-sass > request > tunnel-agent
More info      https://nodesecurity.io/advisories/598

Moderate       Memory Exposure
Package        tunnel-agent
Patched in     >=0.6.0
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > node-sass > request > tunnel-agent
More info      https://nodesecurity.io/advisories/598

High           Denial of Service
Package        http-proxy-agent
Patched in     >=2.1.0
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent-proxy > proxy-agent > http-proxy-agent
More info      https://nodesecurity.io/advisories/607

High           Denial of Service
Package        https-proxy-agent
Patched in     >=2.2.0
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent-proxy > proxy-agent > https-proxy-agent
More info      https://nodesecurity.io/advisories/593

Low            Large gzip Denial of Service
Package        superagent
Patched in     >=3.7.0
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent
More info      https://nodesecurity.io/advisories/479

Low            Arbitrary File Write
Package        cli
Patched in     >=1.0.0
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-htmlhint > htmlhint > jshint > cli
More info      https://nodesecurity.io/advisories/95

Low            Regular Expression Denial of Service
Package        debug
Patched in     >= 2.6.9 < 3.0.0 >= 3.1.0
Dependency of  gulp-node-slate [dev]
Path           gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent-proxy > debug
More info      https://nodesecurity.io/advisories/534
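
Added example, not part of the issue thread or of either project's code: a Node.js triage of the audit paths above that groups findings by the direct dependency of node-slate that pulls them in and finds the package every path shares. The rows are a subset copied from the audit output; the function names `groupByAncestor` and `commonAncestor` are hypothetical.

```javascript
// Added example: triage npm-audit findings by the dependency that introduces them.
// Rows are a subset of the audit output above: [severity, advisory id, path].
const findings = [
  ['High', 118, 'gulp-node-slate > node-slate > gulp > vinyl-fs > glob-stream > glob > minimatch'],
  ['High', 118, 'gulp-node-slate > node-slate > gulp-htmlhint > htmlhint > jshint > minimatch'],
  ['Moderate', 566, 'gulp-node-slate > node-slate > gulp-sass > node-sass > request > hawk > hoek'],
  ['Moderate', 566, 'gulp-node-slate > node-slate > node-sass > request > hawk > hoek'],
  ['Critical', 663, 'gulp-node-slate > node-slate > gulp-open > open'],
  ['Moderate', 535, 'gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent > mime'],
  ['High', 607, 'gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent-proxy > proxy-agent > http-proxy-agent'],
  ['Low', 577, 'gulp-node-slate > node-slate > jshint > lodash'],
];
const RANK = { Low: 1, Moderate: 2, High: 3, Critical: 4 };

// Group findings by the package at a given depth of the dependency path
// (depth 2 = direct dependency of node-slate) and keep the worst severity seen.
function groupByAncestor(rows, depth) {
  const groups = new Map();
  for (const [severity, advisory, path] of rows) {
    const chain = path.split(' > ').map((s) => s.trim());
    if (chain.length <= depth) continue; // path has no package at this depth
    const key = chain[depth];
    const g = groups.get(key) || { count: 0, worst: 'Low', advisories: new Set() };
    g.count += 1;
    if (RANK[severity] > RANK[g.worst]) g.worst = severity;
    g.advisories.add(advisory);
    groups.set(key, g);
  }
  return groups;
}

// Deepest package shared by every path: replacing or updating it touches all findings.
function commonAncestor(rows) {
  if (!rows.length) return null;
  const chains = rows.map(([, , p]) => p.split(' > ').map((s) => s.trim()));
  let i = 0;
  while (chains.every((c) => c[i] !== undefined && c[i] === chains[0][i])) i += 1;
  return i > 0 ? chains[0][i - 1] : null;
}

for (const [dep, g] of groupByAncestor(findings, 2)) console.log(dep, g.worst, g.count);
console.log('common ancestor:', commonAncestor(findings));
```
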