strongloop / strong-pm

deployer for node applications
http://strong-pm.io

Integrating nsp into testing prevents deployment #346

Closed mikewli closed 7 years ago

mikewli commented 8 years ago

Hi all,

I have nsp version 2.4.0 (https://www.npmjs.com/package/nsp) integrated into my security testing for my project, and am currently using the latest version 5.2.1 of strong-pm; however, a number of dependencies are vulnerable, which is preventing me from deploying currently. I could override these security issues (or disable nsp in the worst case) to deploy, but I'd like a more permanent solution.

Here is the list of dependencies that are vulnerable (if you run nsp check):

strong-pm@5.2.1 > tar@1.0.3
strong-pm@5.2.1 > minkelite@1.2.5 > express@4.9.8 > send@0.9.3 > ms@0.6.2
strong-pm@5.2.1 > strong-runner@5.0.3 > strong-supervisor@3.3.3 > strong-agent@2.0.3 > semver@2.2.1
strong-pm@5.2.1 > strong-runner@5.0.3 > strong-control-channel@2.2.2 > ws@0.8.1
strong-pm@5.2.1 > strong-mesh-models@8.1.0 > loopback-explorer@1.8.0 > swagger-ui@2.0.24 > handlebars@1.0.12
strong-pm@5.2.1 > strong-mesh-models@8.1.0 > loopback-explorer@1.8.0 > swagger-ui@2.0.24 > handlebars@1.0.12 > uglify-js@2.3.6
strong-pm@5.2.1 > strong-mesh-models@8.1.0 > loopback-explorer@1.8.0 > swagger-ui@2.0.24 > handlebars@1.0.12 > uglify-js@2.3.6

Some of these are not necessarily the fault of this particular repo, but nonetheless I figure that some of these must be ones you can fix by updating the dependencies, and then telling me which ones you cannot, since presumably loopback-explorer might belong to a different team.

sam-github commented 8 years ago

FYI, I've PRs open to address these, thank you, and latest loopback explorer doesn't trigger any nsp warnings.

mikewli commented 7 years ago

Thanks, it appears to be resolved.