#50560 Issue 50499 - Audit fix - Update npm 'eslint-utils' version
Closed 3 years ago by spichugi. Opened 4 years ago by spichugi.
spichugi/389-ds-base fix_audit  into  master

@@ -4738,10 +4738,13 @@ 

        }

      },

      "eslint-utils": {

-       "version": "1.3.1",

-       "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-1.3.1.tgz",

-       "integrity": "sha512-Z7YjnIldX+2XMcjr7ZkgEsOj/bREONV60qYeB/bjMAqqqZ4zxKyWX+BOUkdmRmA9riiIPVvo5x86m5elviOk0Q==",

-       "dev": true

+       "version": "1.4.2",

+       "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-1.4.2.tgz",

+       "integrity": "sha512-eAZS2sEUMlIeCjBeubdj45dmBHQwPHWyBcT1VSYB7o9x9WRRqKxyUoiXlRjyAwzN7YEzHJlYg0NmzDRWx6GP4Q==",

+       "dev": true,

+       "requires": {

+         "eslint-visitor-keys": "^1.0.0"

+       }

      },

      "eslint-visitor-keys": {

        "version": "1.0.0",
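
Review bot: in the `eslint-utils` entry, please confirm the new `integrity` value and the added `requires` block came from npm regenerating the lock file rather than a hand edit, so the sha512 hash matches the 1.4.2 tarball. The `requires` range `"eslint-visitor-keys": "^1.0.0"` is satisfied by the 1.0.0 entry directly below, so no extra package should enter the tree. Also, the description gives the affected range as ">=1.2.0 or <1.4.1"; as written that matches every version, so it should read ">=1.2.0 and <1.4.1". The new 1.4.2 is outside that range.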
@@ -7463,7 +7466,7 @@ 

      },

      "moment-timezone": {

        "version": "0.4.1",

-       "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.4.1.tgz",

+       "resolved": "http://registry.npmjs.org/moment-timezone/-/moment-timezone-0.4.1.tgz",

        "integrity": "sha1-gfWYw61eIs2teWtn7NjYjQ9bqgY=",

        "optional": true,

        "requires": {
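
Review bot: the `resolved` URL for `moment-timezone` changes from `https://registry.npmjs.org/` to `http://registry.npmjs.org/`, which is unrelated to the eslint-utils update and moves the tarball fetch to plaintext HTTP. The only check left on this entry is the `sha1-` value in `integrity`. Please drop this line from the patch or restore the `https://` scheme, and check how the lock file was regenerated so that other entries were not rewritten the same way.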

Description: Versions of eslint-utils >=1.2.0 or <1.4.1 are vulnerable
to Arbitrary Code Execution. Update the version.

https://pagure.io/389-ds-base/issue/50499

Reviewed by: ?

Passed npm security audit.

Ack.

Pull-Request has been merged by spichugi

4 years ago

Sorry, forgot to change Reviewed by field...
Thanks for the review and reporting!

Could you please cherry-pick this to 1.4.0?

389-ds-base is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in 389-ds-base's GitHub repository.

This pull request has been cloned to GitHub as an issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3616

If you want to continue to work on the PR, please navigate to the GitHub issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

3 years ago