Karma: Vulnerability 1012 - Need new release
Hey,
There is currently a security vulnerability in your released package 4.1.0
https://www.npmjs.com/advisories/1012
It is due to the version of braces being used, however it looks like that's been fixed in master. Will there be a release any time soon?
dalefrancis88
All 6 comments
High: Prototype Pollution
Package: mixin-deep
Patched in: >=2.0.1
Dependency of: karma
Path: karma > braces > snapdragon > base > mixin-deep
More info: https://npmjs.com/advisories/1013
I'm also getting this vulnerability as well as the one listed above
khkyler
on 12 Jul 2019
Hi,
I'm getting 110 high severity vulnerabilities in an Angular project, all related to set-value package. Message below:
High: Prototype Pollution
Package: set-value
Patched in >=3.0.1
Dependency of karma [dev]
Path: karma > chokidar > readdirp > micromatch > snapdragon > base > cache-base > union-value > set-value
More info: https://npmjs.com/advisories/1012
ionut-t
on 12 Jul 2019
Please don’t open issues about these vulnerabilities. We already get tons of notifications and annoying panels in the UI.
If this is important to you, send a PR to fix it.
johnjbarton
on 13 Jul 2019
Dude! Did you even read what the question was before you closed it? It wasn't raising because there needs to be work done, it was raising because it HAS been done and i'd like to know when there would be a release? I appreciate the work of the open source community and of this package itself, but it's a pretty uncool thing to reply with a curt remark and close and issue when you're not addressing the original question.
dalefrancis88
on 13 Jul 2019
Please use a descriptive title like “Please release a new version”. Which I did, 4.2 is out, try it.
johnjbarton
on 13 Jul 2019
Ahh yes i see that ... released 26 min ago, i shall go check that out.
dalefrancis88
on 13 Jul 2019
Related issues
HerrDerb
·
5Comments
jambonrose
·
5Comments
mboughaba
·
3Comments
TKTheTechie
·
4Comments
VinishaDsouza
·
3Comments