On 12/13/19 8:42 AM, Alberto Viana
wrote:
There are a lot of npm packages in our cockpit plugin, and unfortunately audit issues come up very often. We try and run "npm audit fix" from 389-ds-base/src/cockpit/389-console on a regular basis, and then do upstream releases accordingly. it's just the nature of the beast :-/Hi,
During my tests and install of 389-ds cockpit plugin via npm I got this warning:
"overview": "Versions of `handlebars` prior to 4.5.3 are vulnerable to prototype pollution. It is possible to add or modify properties to the Object prototype through a malicious template. This may allow attackers to crash the application or execute Arbitrary Code in specific conditions.",
"recommendation": "Upgrade to version 4.5.3 or later.",
I had to update package-lock.json pointing to the latest version of handlebars(4.5.3) in order to install it.
Just to let you guys know.
Cheers,
Alberto Viana
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
-- 389 Directory Server Development Team
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx