issues
search
rstudio
/
shinydashboard
Shiny Dashboarding framework
https://rstudio.github.io/shinydashboard/
Other
886
stars
300
forks
source link
Upgrade grunt-eslint to suppress vulnerability message
#331
Closed
scottmmjackson
closed
4 years ago
scottmmjackson
commented
4 years ago
Commands executed
```bash $ cd tools $ yarn audit yarn audit yarn audit v1.13.0 warning package.json: No license field warning No license field ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ critical │ Arbitrary Code Execution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ eslint-utils │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=1.4.1 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ grunt-eslint │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ grunt-eslint > eslint > eslint-utils │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/1118 │ └───────────────┴──────────────────────────────────────────────────────────────┘ 1 vulnerabilities found - Packages audited: 662 Severity: 1 Critical ✨ Done in 0.79s. $ yarn upgrade grunt-eslint yarn upgrade v1.13.0 warning package.json: No license field warning No license field warning No license field warning No license field [1/4] 🔍 Resolving packages... [2/4] 🚚 Fetching packages... [3/4] 🔗 Linking dependencies... [4/4] 🔨 Rebuilding all packages... success Saved lockfile. warning No license field success Saved 84 new dependencies. info Direct dependencies └─ grunt-eslint@21.1.0 info All dependencies ├─ @babel/code-frame@7.5.5 ├─ @babel/highlight@7.5.0 ├─ acorn-jsx@5.0.2 ├─ acorn@6.3.0 ├─ ajv@6.10.2 ├─ ansi-escapes@3.2.0 ├─ ansi-styles@3.2.1 ├─ argparse@1.0.10 ├─ astral-regex@1.0.0 ├─ balanced-match@1.0.0 ├─ brace-expansion@1.1.11 ├─ callsites@3.1.0 ├─ chardet@0.7.0 ├─ cli-cursor@2.1.0 ├─ cli-width@2.2.0 ├─ color-convert@1.9.3 ├─ color-name@1.1.3 ├─ concat-map@0.0.1 ├─ cross-spawn@6.0.5 ├─ deep-is@0.1.3 ├─ doctrine@3.0.0 ├─ emoji-regex@7.0.3 ├─ eslint-scope@4.0.3 ├─ eslint-utils@1.4.2 ├─ eslint@5.16.0 ├─ espree@5.0.1 ├─ esprima@4.0.1 ├─ esquery@1.0.1 ├─ esrecurse@4.2.1 ├─ estraverse@4.3.0 ├─ external-editor@3.1.0 ├─ fast-deep-equal@2.0.1 ├─ fast-json-stable-stringify@2.0.0 ├─ fast-levenshtein@2.0.6 ├─ file-entry-cache@5.0.1 ├─ flat-cache@2.0.1 ├─ flatted@2.0.1 ├─ functional-red-black-tree@1.0.1 ├─ glob@7.1.4 ├─ globals@11.12.0 ├─ grunt-eslint@21.1.0 ├─ has-flag@3.0.0 ├─ ignore@4.0.6 ├─ import-fresh@3.1.0 ├─ imurmurhash@0.1.4 ├─ inquirer@6.5.2 ├─ is-promise@2.1.0 ├─ isexe@2.0.0 ├─ js-tokens@4.0.0 ├─ json-schema-traverse@0.4.1 ├─ json-stable-stringify-without-jsonify@1.0.1 ├─ levn@0.3.0 ├─ mimic-fn@1.2.0 ├─ minimist@0.0.8 ├─ mute-stream@0.0.7 ├─ natural-compare@1.4.0 ├─ nice-try@1.0.5 ├─ onetime@2.0.1 ├─ optionator@0.8.2 ├─ os-tmpdir@1.0.2 ├─ parent-module@1.0.1 ├─ path-is-inside@1.0.2 ├─ path-key@2.0.1 ├─ progress@2.0.3 ├─ punycode@2.1.1 ├─ regexpp@2.0.1 ├─ resolve-from@4.0.0 ├─ restore-cursor@2.0.0 ├─ run-async@2.3.0 ├─ rxjs@6.5.3 ├─ safer-buffer@2.1.2 ├─ semver@5.7.1 ├─ shebang-command@1.2.0 ├─ shebang-regex@1.0.0 ├─ slice-ansi@2.1.0 ├─ string-width@2.1.1 ├─ table@5.4.6 ├─ text-table@0.2.0 ├─ through@2.3.8 ├─ tmp@0.0.33 ├─ tslib@1.10.0 ├─ uri-js@4.2.2 ├─ wordwrap@1.0.0 └─ write@1.0.3 ✨ Done in 6.54s. $ yarn audit yarn audit v1.13.0 warning package.json: No license field warning No license field 0 vulnerabilities found - Packages audited: 662 ✨ Done in 1.36s. $ grunt Running "newer:concat" (newer) task Running "newer:concat:shinydashboard" (newer) task Running "concat:shinydashboard" (concat) task Running "newer-postrun:concat:shinydashboard:1:/Users/scottmmjackson/shinydashboard/tools/node_modules/grunt-newer/.cache" (newer-postrun) task Running "newer:concat:adminlte" (newer) task Running "concat:adminlte" (concat) task Running "newer-postrun:concat:adminlte:2:/Users/scottmmjackson/shinydashboard/tools/node_modules/grunt-newer/.cache" (newer-postrun) task Running "newer:eslint" (newer) task Running "newer:eslint:shinydashboard" (newer) task Running "eslint:shinydashboard" (eslint) task Running "newer-postrun:eslint:shinydashboard:3:/Users/scottmmjackson/shinydashboard/tools/node_modules/grunt-newer/.cache" (newer-postrun) task Running "newer:uglify" (newer) task Running "newer:uglify:shinydashboard" (newer) task Running "uglify:shinydashboard" (uglify) task >> 1 sourcemap created. >> 1 file created 12.06 kB → 4.02 kB Running "newer-postrun:uglify:shinydashboard:4:/Users/scottmmjackson/shinydashboard/tools/node_modules/grunt-newer/.cache" (newer-postrun) task Running "newer:uglify:adminlte" (newer) task Running "uglify:adminlte" (uglify) task >> 1 sourcemap created. >> 1 file created 24.04 kB → 9.63 kB Running "newer-postrun:uglify:adminlte:5:/Users/scottmmjackson/shinydashboard/tools/node_modules/grunt-newer/.cache" (newer-postrun) task Running "newer:cssmin" (newer) task Running "newer:cssmin:adminlte" (newer) task No newer files to process. Running "newer:cssmin:adminlte_themes" (newer) task No newer files to process. Done. $ git status M ../inst/AdminLTE/app.min.js M ../inst/AdminLTE/app.min.js.map M ../inst/shinydashboard.min.js M ../inst/shinydashboard.min.js.map M yarn.lock ```
Commands executed
```bash $ cd tools $ yarn audit yarn audit yarn audit v1.13.0 warning package.json: No license field warning No license field ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ critical │ Arbitrary Code Execution │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ eslint-utils │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=1.4.1 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ grunt-eslint │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ grunt-eslint > eslint > eslint-utils │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://nodesecurity.io/advisories/1118 │ └───────────────┴──────────────────────────────────────────────────────────────┘ 1 vulnerabilities found - Packages audited: 662 Severity: 1 Critical ✨ Done in 0.79s. $ yarn upgrade grunt-eslint yarn upgrade v1.13.0 warning package.json: No license field warning No license field warning No license field warning No license field [1/4] 🔍 Resolving packages... [2/4] 🚚 Fetching packages... [3/4] 🔗 Linking dependencies... [4/4] 🔨 Rebuilding all packages... success Saved lockfile. warning No license field success Saved 84 new dependencies. info Direct dependencies └─ grunt-eslint@21.1.0 info All dependencies ├─ @babel/code-frame@7.5.5 ├─ @babel/highlight@7.5.0 ├─ acorn-jsx@5.0.2 ├─ acorn@6.3.0 ├─ ajv@6.10.2 ├─ ansi-escapes@3.2.0 ├─ ansi-styles@3.2.1 ├─ argparse@1.0.10 ├─ astral-regex@1.0.0 ├─ balanced-match@1.0.0 ├─ brace-expansion@1.1.11 ├─ callsites@3.1.0 ├─ chardet@0.7.0 ├─ cli-cursor@2.1.0 ├─ cli-width@2.2.0 ├─ color-convert@1.9.3 ├─ color-name@1.1.3 ├─ concat-map@0.0.1 ├─ cross-spawn@6.0.5 ├─ deep-is@0.1.3 ├─ doctrine@3.0.0 ├─ emoji-regex@7.0.3 ├─ eslint-scope@4.0.3 ├─ eslint-utils@1.4.2 ├─ eslint@5.16.0 ├─ espree@5.0.1 ├─ esprima@4.0.1 ├─ esquery@1.0.1 ├─ esrecurse@4.2.1 ├─ estraverse@4.3.0 ├─ external-editor@3.1.0 ├─ fast-deep-equal@2.0.1 ├─ fast-json-stable-stringify@2.0.0 ├─ fast-levenshtein@2.0.6 ├─ file-entry-cache@5.0.1 ├─ flat-cache@2.0.1 ├─ flatted@2.0.1 ├─ functional-red-black-tree@1.0.1 ├─ glob@7.1.4 ├─ globals@11.12.0 ├─ grunt-eslint@21.1.0 ├─ has-flag@3.0.0 ├─ ignore@4.0.6 ├─ import-fresh@3.1.0 ├─ imurmurhash@0.1.4 ├─ inquirer@6.5.2 ├─ is-promise@2.1.0 ├─ isexe@2.0.0 ├─ js-tokens@4.0.0 ├─ json-schema-traverse@0.4.1 ├─ json-stable-stringify-without-jsonify@1.0.1 ├─ levn@0.3.0 ├─ mimic-fn@1.2.0 ├─ minimist@0.0.8 ├─ mute-stream@0.0.7 ├─ natural-compare@1.4.0 ├─ nice-try@1.0.5 ├─ onetime@2.0.1 ├─ optionator@0.8.2 ├─ os-tmpdir@1.0.2 ├─ parent-module@1.0.1 ├─ path-is-inside@1.0.2 ├─ path-key@2.0.1 ├─ progress@2.0.3 ├─ punycode@2.1.1 ├─ regexpp@2.0.1 ├─ resolve-from@4.0.0 ├─ restore-cursor@2.0.0 ├─ run-async@2.3.0 ├─ rxjs@6.5.3 ├─ safer-buffer@2.1.2 ├─ semver@5.7.1 ├─ shebang-command@1.2.0 ├─ shebang-regex@1.0.0 ├─ slice-ansi@2.1.0 ├─ string-width@2.1.1 ├─ table@5.4.6 ├─ text-table@0.2.0 ├─ through@2.3.8 ├─ tmp@0.0.33 ├─ tslib@1.10.0 ├─ uri-js@4.2.2 ├─ wordwrap@1.0.0 └─ write@1.0.3 ✨ Done in 6.54s. $ yarn audit yarn audit v1.13.0 warning package.json: No license field warning No license field 0 vulnerabilities found - Packages audited: 662 ✨ Done in 1.36s. $ grunt Running "newer:concat" (newer) task Running "newer:concat:shinydashboard" (newer) task Running "concat:shinydashboard" (concat) task Running "newer-postrun:concat:shinydashboard:1:/Users/scottmmjackson/shinydashboard/tools/node_modules/grunt-newer/.cache" (newer-postrun) task Running "newer:concat:adminlte" (newer) task Running "concat:adminlte" (concat) task Running "newer-postrun:concat:adminlte:2:/Users/scottmmjackson/shinydashboard/tools/node_modules/grunt-newer/.cache" (newer-postrun) task Running "newer:eslint" (newer) task Running "newer:eslint:shinydashboard" (newer) task Running "eslint:shinydashboard" (eslint) task Running "newer-postrun:eslint:shinydashboard:3:/Users/scottmmjackson/shinydashboard/tools/node_modules/grunt-newer/.cache" (newer-postrun) task Running "newer:uglify" (newer) task Running "newer:uglify:shinydashboard" (newer) task Running "uglify:shinydashboard" (uglify) task >> 1 sourcemap created. >> 1 file created 12.06 kB → 4.02 kB Running "newer-postrun:uglify:shinydashboard:4:/Users/scottmmjackson/shinydashboard/tools/node_modules/grunt-newer/.cache" (newer-postrun) task Running "newer:uglify:adminlte" (newer) task Running "uglify:adminlte" (uglify) task >> 1 sourcemap created. >> 1 file created 24.04 kB → 9.63 kB Running "newer-postrun:uglify:adminlte:5:/Users/scottmmjackson/shinydashboard/tools/node_modules/grunt-newer/.cache" (newer-postrun) task Running "newer:cssmin" (newer) task Running "newer:cssmin:adminlte" (newer) task No newer files to process. Running "newer:cssmin:adminlte_themes" (newer) task No newer files to process. Done. $ git status M ../inst/AdminLTE/app.min.js M ../inst/AdminLTE/app.min.js.map M ../inst/shinydashboard.min.js M ../inst/shinydashboard.min.js.map M yarn.lock ```