Apollo-module: THIS IS A SECURY ISSUE! - [email protected]

Created on 27 Nov 2018  路  3Comments  路  Source: nuxt-community/apollo-module

THIS IS A SECURY ISSUE!

Version

v4.0.0-rc.3

Reproduction link

https://github.com/dominictarr/event-stream/issues/116
https://www.npmjs.com/advisories/737

Steps to reproduce

Run yarn audit in a project that has @nuxtjs/apollo as a dependency.

Bildschirmfoto 2018-11-27 um 11.38.55.png

What is expected ?

flatmap-stream > 0.1.1

What is actually happening?

flatmap-stream = 0.1.1

THIS IS A SECURY ISSUE!

https://github.com/dominictarr/event-stream/issues/116
https://www.npmjs.com/advisories/737

This bug report is available on Nuxt community (#c161)
bug-report

All 3 comments

I think you have to re-publish the package on npm after the build. Seems that the issue does not exists when checking out the repo and installing. Will try to remove my node_modules in my project and install again...

Update: If you have that issue, remove the whole node_modules and your yarn.lock or package-lock.json and run the install again. After that you should be save.

My advice would still be a bump in version so that would not be neccessary anymore as the given lock files would be updated and the end user only needs to bump the version or do a normal install again.

image

It's the vue-cli plugin that is affected, not that lib.

However, I've updated the deps on the branch 馃憤

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Teeoo picture Teeoo  路  4Comments

Billybobbonnet picture Billybobbonnet  路  4Comments

lindesvard picture lindesvard  路  7Comments

dmitryyankowski picture dmitryyankowski  路  9Comments

DanielLourie picture DanielLourie  路  4Comments