address security warnings #29

stefan-guggisberg · 2018-09-17T14:02:08Z

No description provided.

stefan-guggisberg · 2018-09-17T14:49:58Z

there's security warnings regarding hoek. hoek enters the dependency tree via nodegit via node-pre-gyp.

stefan-guggisberg · 2018-09-18T13:16:16Z

there are security warnings regarding growl and cryptiles, both indirectly entering the dependency tree via nodegit.

see e.g. nickmerwin/node-coveralls#188

stefan-guggisberg · 2018-09-18T13:38:57Z

the vulnerabilities enter via nodegit.

i've created a PR: nodegit/nodegit#1547

stefan-guggisberg · 2018-09-18T15:13:58Z

for now using nodegit fork which includes fixes for vulnerabilities.

once PR nodegit/nodegit#1547 has been accepted or the vulnerabilities have been fixed otherwise we'll return to using official npm published version of nodegit.

closing issue.

stefan-guggisberg self-assigned this Sep 17, 2018

stefan-guggisberg added a commit that referenced this issue Sep 18, 2018

#29 use nodegit fork

5177dc7

stefan-guggisberg closed this as completed Sep 18, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

address security warnings #29

address security warnings #29

stefan-guggisberg commented Sep 17, 2018

stefan-guggisberg commented Sep 17, 2018

stefan-guggisberg commented Sep 18, 2018

stefan-guggisberg commented Sep 18, 2018

stefan-guggisberg commented Sep 18, 2018

address security warnings #29

address security warnings #29

Comments

stefan-guggisberg commented Sep 17, 2018

stefan-guggisberg commented Sep 17, 2018

stefan-guggisberg commented Sep 18, 2018

stefan-guggisberg commented Sep 18, 2018

stefan-guggisberg commented Sep 18, 2018