    NPM Audit information

    • Hawkeye64

      @rstoenescu FYI…

      $ npm audit
      
                             === npm audit security report ===
      
      ┌──────────────────────────────────────────────────────────────────────────────┐
      │                                Manual Review                                 │
      │            Some vulnerabilities require your attention to resolve            │
      │                                                                              │
      │         Visit https://go.npm.me/audit-guide for additional guidance          │
      └──────────────────────────────────────────────────────────────────────────────┘
      ┌───────────────┬──────────────────────────────────────────────────────────────┐
      │ Low           │ Prototype Pollution                                          │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Package       │ lodash                                                       │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Patched in    │ >=4.17.5                                                     │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Dependency of │ quasar-cli [dev]                                             │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ Path          │ quasar-cli > ouch > lodash                                   │
      ├───────────────┼──────────────────────────────────────────────────────────────┤
      │ More info     │ https://nodesecurity.io/advisories/577                       │
      └───────────────┴──────────────────────────────────────────────────────────────┘
      found 1 low severity vulnerability in 14191 scanned packages
        1 vulnerability requires manual review. See the full report for details.
      $ quasar -v
      0.17.9
      $
      
      • rstoenescu (Admin)

        Hi,

        Report it to Ouch npm package owners pls. This does not affect the distributables created with Quasar as Ouch is used only while developing.

        • ssuess

          I believe they just fixed this: https://github.com/quorrajs/Ouch/issues/16

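The triage in this thread turns on the finding being reachable only through a dev dependency (`quasar-cli [dev]`). As an added example (not code from the thread or from Quasar), the script below splits an `npm audit --json` report into dev-only and production-reaching advisories. It assumes the npm 6 JSON report shape; the sample report is constructed, and `example-pkg`, `some-dev-tool` and `some-runtime-lib` are hypothetical names.

```javascript
// Constructed sample in the npm 6 `npm audit --json` shape (assumed); the first
// advisory mirrors the report in this thread, the second is hypothetical.
const sampleReport = {
  advisories: {
    "577": {
      id: 577, title: "Prototype Pollution", module_name: "lodash",
      severity: "low", patched_versions: ">=4.17.5",
      findings: [{ paths: ["quasar-cli>ouch>lodash"], dev: true }]
    },
    "constructed-1": {
      id: "constructed-1", title: "Constructed advisory", module_name: "example-pkg",
      severity: "high", patched_versions: ">=1.0.1",
      findings: [
        { paths: ["some-dev-tool>example-pkg"], dev: true },
        { paths: ["some-runtime-lib>example-pkg"], dev: false }
      ]
    }
  }
};

// Split advisories into those confined to devDependencies and those that can
// ship. An advisory is dev-only only if it has findings and every one is dev;
// an advisory with no findings is treated as production (cannot prove otherwise).
function triageAudit(report) {
  const result = { production: [], devOnly: [] };
  for (const adv of Object.values(report.advisories || {})) {
    const findings = adv.findings || [];
    const allPaths = findings.flatMap(f => f.paths || []);
    const prodPaths = findings.filter(f => f.dev !== true).flatMap(f => f.paths || []);
    const devOnly = findings.length > 0 && findings.every(f => f.dev === true);
    const entry = {
      id: adv.id, module: adv.module_name, severity: adv.severity,
      patchedIn: adv.patched_versions,
      // First hop of each path: the direct dependency to upgrade or report to.
      roots: [...new Set(allPaths.map(p => p.split(">")[0].trim()))],
      paths: devOnly ? allPaths : prodPaths
    };
    (devOnly ? result.devOnly : result.production).push(entry);
  }
  return result;
}

// CI gate: fail the build only when an advisory reaches shipped dependencies.
function shouldFailBuild(report) {
  return triageAudit(report).production.length > 0;
}

console.log(JSON.stringify(triageAudit(sampleReport), null, 2));
```

Dev-only advisories still execute on developer and CI machines, so they belong in a tracked backlog rather than being dropped from the report.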