Skip to content

High severity vulnerability in npm dependency #3506

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
adams-family opened this issue Aug 12, 2020 · 1 comment · Fixed by #3514
Closed

High severity vulnerability in npm dependency #3506

adams-family opened this issue Aug 12, 2020 · 1 comment · Fixed by #3514
Labels
outdated scope: node Issues related to Node, Express, NestJS support for Nx type: bug

Comments

@adams-family
Copy link

Current Behavior

npm audit

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Remote Code Execution                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.1.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @nrwl/express [dev]                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @nrwl/express > @nrwl/node > copy-webpack-plugin >           │
│               │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1548                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Expected Behavior

No high severity vulnerabilities.

Steps to Reproduce

Very easy:

  1. npx create-nx-workspace npmaudittest
  2. cd npmaudittest/
  3. npm install --save @nrwl/express
  4. npm audit

Environment

  nx : Not Found
  @nrwl/angular : Not Found
  @nrwl/cli : 10.0.11
  @nrwl/cypress : Not Found
  @nrwl/eslint-plugin-nx : Not Found
  @nrwl/express : 10.0.11
  @nrwl/jest : 10.0.11
  @nrwl/linter : 10.0.11
  @nrwl/nest : Not Found
  @nrwl/next : Not Found
  @nrwl/node : 10.0.11
  @nrwl/react : Not Found
  @nrwl/schematics : Not Found
  @nrwl/tao : 10.0.11
  @nrwl/web : Not Found
  @nrwl/workspace : 10.0.11
  typescript : 3.9.7
luchsamapparat added a commit to luchsamapparat/nx that referenced this issue Aug 13, 2020
@luchsamapparat
fix(core): update copy-webpack-plugin
9104b0e 
fixes nrwl#3506
luchsamapparat added a commit to luchsamapparat/nx that referenced this issue Aug 13, 2020
@luchsamapparat
fix(core): update copy-webpack-plugin
825605a 
fixes nrwl#3506
luchsamapparat added a commit to luchsamapparat/nx that referenced this issue Aug 13, 2020
@luchsamapparat
fix(core): update copy-webpack-plugin
6f46a9e 
fixes security vulnerability caused by serialize-javascript < 3.1.0

closes nrwl#3506
@luchsamapparat luchsamapparat mentioned this issue Aug 13, 2020
Merged
@vsavkin vsavkin added the scope: node Issues related to Node, Express, NestJS support for Nx label Aug 13, 2020
jaysoo pushed a commit that referenced this issue Aug 14, 2020
@luchsamapparat @jaysoo
fix(core): update copy-webpack-plugin
6842ab4 
fixes security vulnerability caused by serialize-javascript < 3.1.0

closes #3506
jaysoo pushed a commit to luchsamapparat/nx that referenced this issue Aug 14, 2020
@luchsamapparat @jaysoo
fix(core): update copy-webpack-plugin
470cd9b 
fixes security vulnerability caused by serialize-javascript < 3.1.0

closes nrwl#3506
jaysoo pushed a commit that referenced this issue Aug 14, 2020
@luchsamapparat
fix(core): update copy-webpack-plugin (#3514)
0644c6b 
fixes security vulnerability caused by serialize-javascript < 3.1.0

closes #3506
FrozenPandaz pushed a commit that referenced this issue Aug 18, 2020
@luchsamapparat @FrozenPandaz
fix(core): update copy-webpack-plugin (#3514)
3a2b510 
fixes security vulnerability caused by serialize-javascript < 3.1.0

closes #3506
FrozenPandaz pushed a commit that referenced this issue Aug 18, 2020
@luchsamapparat @FrozenPandaz
fix(core): update copy-webpack-plugin (#3514)
74e84e7 
fixes security vulnerability caused by serialize-javascript < 3.1.0

closes #3506
FrozenPandaz pushed a commit that referenced this issue Aug 18, 2020
@luchsamapparat @FrozenPandaz
fix(core): update copy-webpack-plugin (#3514)

Verified

This commit was signed with the committer’s verified signature.
novemberborn Mark Wubben
GPG key ID: 50ADCD783E7F5EC2
Verified
Learn about vigilant mode
0351ade 
fixes security vulnerability caused by serialize-javascript < 3.1.0

closes #3506
Doginal pushed a commit to Doginal/nx that referenced this issue Nov 25, 2020
@luchsamapparat @Doginal
fix(core): update copy-webpack-plugin (nrwl#3514)

Verified

This commit was signed with the committer’s verified signature.
novemberborn Mark Wubben
GPG key ID: 50ADCD783E7F5EC2
Verified
Learn about vigilant mode
a135276 
fixes security vulnerability caused by serialize-javascript < 3.1.0

closes nrwl#3506
@github-actions
Copy link

This issue has been closed for more than 30 days. If this issue is still occuring, please open a new issue with more recent context.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 24, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
outdated scope: node Issues related to Node, Express, NestJS support for Nx type: bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(core): update copy-webpack-plugin luchsamapparat/nx
2 participants
@vsavkin @adams-family