shamrickus / trafficcontrol

Apache Traffic Control is an Open Source implementation of a Content Delivery Network
https://trafficcontrol.apache.org/
Apache License 2.0

NPM Audit Vulnerabilities in traffic-portal #58

Open shamrickus opened 1 year ago

shamrickus commented 1 year ago

This Bug Report affects these Traffic Control components:

Current behavior:

In traffic-portal, located at experimental/traffic-portal/, there are npm audit vulnerabilities. These either do not have a remediation version or the fixed version breaks the constraints specified by the package.json

+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|         Source Package        | Error Package | Severity |                                                                Message                                                                |Fixable|                                      Affected                                      |Fix Version|
+-------------------------------+---------------+----------+---------------------------------------------------------------------------------------------------------------------------------------+-------+------------------------------------------------------------------------------------+-----------+
| @angular-devkit/build-angular |     terser    |   high   | Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS https://github.com/advisories/GHSA-4wf5-vphf-c2xc |  True | 0.1001.0-next.0 - 12.2.17 || 13.0.0-next.0 - 13.3.8 || 14.0.0-next.0 - 14.1.0-rc.3 |           |
+-------------------------------+---------------+----------+---------------------------------------------------------------------------------------------------------------------------------------+-------+------------------------------------------------------------------------------------+-----------+
|           nightwatch          |   minimatch   |   high   |                            minimatch ReDoS vulnerability https://github.com/advisories/GHSA-f8q6-p94x-37v3                            | False |                      0.2.3-preview.1 || 0.3.2 - 2.3.6-preview                      |   2.5.0   |
+-------------------------------+---------------+----------+---------------------------------------------------------------------------------------------------------------------------------------+-------+------------------------------------------------------------------------------------+-----------+
|           codelyzer           | @angular/core | moderate |                           Cross site scripting in Angular https://github.com/advisories/GHSA-c75v-2vq8-878f                           | False |                                   >=1.0.0-beta.0                                   |   0.0.28  |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Expected behavior:

There should be no npm audit vulnerabilities

Steps to reproduce:

Run npm audit
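The triage the report above describes (does a fix exist, and does it stay inside the range package.json allows?) can be automated from the `npm audit --json` output. The script below is an added example, not code from the trafficcontrol project: the audit report and package.json it contains are constructed to mimic the auditReportVersion 2 shape and the three findings in the table (advisory titles, URLs and the 2.5.0 fix version come from the table; every other value, including the assumed `^1.7.0` nightwatch constraint, is made up). The range checker covers only exact, `^` and `~` constraints, not the full semver range grammar.

```javascript
// Added example: classify `npm audit --json` findings by whether a remediation
// exists and whether it fits the constraints declared in package.json.
// Everything below is CONSTRUCTED sample data; it is not a real audit run.

const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    minimatch: {
      name: 'minimatch', severity: 'high', isDirect: false,
      via: [{ title: 'minimatch ReDoS vulnerability',
              url: 'https://github.com/advisories/GHSA-f8q6-p94x-37v3',
              severity: 'high', range: '<3.0.5' }],
      effects: ['nightwatch'], range: '<3.0.5',
      // npm reports the top-level dependency change that would remove the finding
      fixAvailable: { name: 'nightwatch', version: '2.5.0', isSemVerMajor: true },
    },
    '@angular/core': {
      name: '@angular/core', severity: 'moderate', isDirect: false,
      via: [{ title: 'Cross site scripting in Angular',
              url: 'https://github.com/advisories/GHSA-c75v-2vq8-878f',
              severity: 'moderate', range: '<11.0.5' }],
      effects: ['codelyzer'], range: '<11.0.5',
      fixAvailable: false,            // no remediation version at all
    },
    terser: {
      name: 'terser', severity: 'high', isDirect: false,
      via: [{ title: 'Terser insecure use of regular expressions before v4.8.1 and v5.14.2 leads to ReDoS',
              url: 'https://github.com/advisories/GHSA-4wf5-vphf-c2xc',
              severity: 'high', range: '<4.8.1 || >=5.0.0 <5.14.2' }],
      effects: ['@angular-devkit/build-angular'], range: '<4.8.1 || >=5.0.0 <5.14.2',
      fixAvailable: true,             // `npm audit fix` can apply it in-range
    },
  },
};

// Assumed (constructed) constraints; the real package.json may differ.
const samplePackageJson = {
  devDependencies: {
    nightwatch: '^1.7.0',
    codelyzer: '^6.0.0',
    '@angular-devkit/build-angular': '~13.3.0',
  },
};

// Parse "x.y.z" (optional leading "v", pre-release tags ignored) into numbers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Minimal subset of semver ranges: exact, ^x.y.z, ~x.y.z. Not the full spec.
function satisfies(version, range) {
  const v = parseVersion(version);
  const op = /^[\^~]/.test(range) ? range[0] : '';
  const base = parseVersion(range.replace(/^[\^~]/, ''));
  if (compare(v, base) < 0) return false;
  if (op === '') return compare(v, base) === 0;
  if (op === '~') return v[0] === base[0] && v[1] === base[1];
  // caret: the leftmost non-zero component must not change
  if (base[0] !== 0) return v[0] === base[0];
  if (base[1] !== 0) return v[0] === 0 && v[1] === base[1];
  return compare(v, base) === 0;
}

// Produce one row per finding: no-fix, fix-in-range, or fix-breaks-constraint.
function classify(audit, pkg) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return Object.values(audit.vulnerabilities).map((vuln) => {
    // `via` mixes advisory objects and plain package-name strings
    const advisory = vuln.via.find((x) => typeof x === 'object') || {};
    const fix = vuln.fixAvailable;
    let status, fixTarget = null, fixVersion = null;
    if (fix === false) status = 'no-fix';
    else if (fix === true) status = 'fix-in-range';
    else {
      fixTarget = fix.name;
      fixVersion = fix.version;
      const constraint = deps[fix.name];
      if (!constraint) status = 'fix-target-not-direct';
      else status = satisfies(fix.version, constraint) ? 'fix-in-range' : 'fix-breaks-constraint';
    }
    return { package: vuln.name, severity: vuln.severity, title: advisory.title,
             url: advisory.url, effects: vuln.effects, fixTarget, fixVersion, status };
  });
}

console.table(classify(sampleAudit, samplePackageJson));
```

To run it against a real tree, replace `sampleAudit` with `JSON.parse` of the saved `npm audit --json` output and `samplePackageJson` with the parsed package.json; rows marked `fix-breaks-constraint` are exactly the "fixed version breaks the constraints" case the report calls out, and `no-fix` rows are the ones with no remediation version.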

shamrickus commented 1 year ago

Audit results have changed

shamrickus commented 1 year ago

Audit results have changed

shamrickus commented 1 year ago

Audit results have changed

shamrickus commented 1 year ago

Audit results have changed