npm audit vulnerabilities found in chart.js 2.7.3 (27 high , 60 moderate , 26 low)... #5838

Closed
vinaynijhawan opened this issue Nov 15, 2018 · 2 comments · Fixed by #7295

vinaynijhawan commented Nov 15, 2018

Please let us know how to remove all these vulnerabilities.

run npm install on your package
run npm install package-lock-only
run npm audit
you will see a lot of vulnerabilities (27 high, 60 moderate, 26 low)

Expected Behavior

Current Behavior

Possible Solution

Steps to Reproduce (for bugs)

  1. run npm install on your package
  2. run npm install package-lock-only
  3. run npm audit
  4. you will see a lot of vulnerabilities

Context

Environment

  • Chart.js version:
  • Browser name and version:
  • Link to your project:
@simonbrunel
Member

Thanks @vinaynijhawan for reporting these issues, I'm going to update our environment. As of 2.7.3, it should have no impact on your final build since all vulnerabilities come only from the following dev dependencies:

  • gitbook-cli
  • gulp
  • gulp-connect
  • karma

@simonbrunel
Member

@vinaynijhawan Unfortunately #5840 will not remove all issues because remaining ones are from the gitbook package which doesn't seem maintained anymore so we will not be able to eliminate associated vulnerabilities (see GitbookIO/gitbook-cli#87). It's annoying but it's really minor because this dependency (gitbook) is not involved in the build process (only used to generate our HTML doc).
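
The dev-only versus shipped-code distinction drawn in the replies above can be checked mechanically. The following is an added example, not part of the original thread or of the Chart.js project: it assumes a `package-lock.json` in the lockfileVersion 1 layout (nested `dependencies`, with `"dev": true` on packages needed only for development), and every version number, finding and the `shared-util`, `runtime-lib` and `absent-pkg` names are constructed for illustration.

```javascript
// Added example: split audit findings into production vs dev-only using the
// "dev": true flag npm records in package-lock.json (lockfileVersion 1 assumed).
// Constructed lockfile fragment; versions are placeholders, not real releases.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "gulp": { version: "0.0.0", dev: true,
      dependencies: { "shared-util": { version: "1.0.0", dev: true } } },
    "karma": { version: "0.0.0", dev: true },
    "gitbook-cli": { version: "0.0.0", dev: true },
    "shared-util": { version: "2.0.0" }, // hypothetical runtime copy
    "runtime-lib": { version: "0.0.0" }  // hypothetical runtime dependency
  }
};

// Walk the nested tree. A name@version counts as production if ANY installed
// copy of it lacks dev: true, so a shared package is never under-reported.
function collectScopes(deps, scopes = new Map()) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const key = `${name}@${entry.version}`;
    scopes.set(key, (scopes.get(key) || false) || entry.dev !== true);
    collectScopes(entry.dependencies, scopes);
  }
  return scopes;
}

// Sort each finding into the bucket that decides how urgently it needs a fix.
function triage(lock, findings) {
  const scopes = collectScopes(lock.dependencies);
  const out = { production: [], devOnly: [], notInstalled: [] };
  for (const f of findings) {
    const key = `${f.module}@${f.version}`;
    if (!scopes.has(key)) out.notInstalled.push(key);
    else (scopes.get(key) ? out.production : out.devOnly).push(key);
  }
  return out;
}

// Constructed findings, shaped as module/version/severity records.
const sampleFindings = [
  { module: "gulp", version: "0.0.0", severity: "high" },
  { module: "karma", version: "0.0.0", severity: "moderate" },
  { module: "shared-util", version: "1.0.0", severity: "low" },
  { module: "shared-util", version: "2.0.0", severity: "low" },
  { module: "absent-pkg", version: "1.0.0", severity: "low" }
];

console.log(JSON.stringify(triage(sampleLock, sampleFindings), null, 2));
```

Recent npm releases can apply the same filter at audit time with `npm audit --omit=dev`.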
