Reveal.js: npm audit throws 1 high and 8 low vulnerabilities warnings

Created on 15 Oct 2018 · 4 Comments · Source: hakimel/reveal.js

Hey All,

I downloaded reveal.js on 15.10.2018 at 10:55 as "version": "3.7.0".
Right after running npm install I get npm audit warnings, which you might want to look at to provide an even more flawless project experience. As it is just 1 high and 8 low vulnerabilities this might not be that critical but anyway ...

See below for more details. If you are already aware of it or do not find it worth looking at feel free to close this.

Best,
enosinger

... reveal.js>npm audit

                       === npm audit security report ===

# Run  npm install --save-dev [email protected]  to resolve 9 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change

  Low             Regular Expression Denial of Service

  Package         debug

  Dependency of   socket.io [dev]

  Path            socket.io > debug

  More info       https://nodesecurity.io/advisories/534




  Low             Regular Expression Denial of Service

  Package         debug

  Dependency of   socket.io [dev]

  Path            socket.io > engine.io > debug

  More info       https://nodesecurity.io/advisories/534




  Low             Regular Expression Denial of Service

  Package         debug

  Dependency of   socket.io [dev]

  Path            socket.io > socket.io-adapter > debug

  More info       https://nodesecurity.io/advisories/534




  Low             Regular Expression Denial of Service

  Package         debug

  Dependency of   socket.io [dev]

  Path            socket.io > socket.io-client > debug

  More info       https://nodesecurity.io/advisories/534




  Low             Regular Expression Denial of Service

  Package         debug

  Dependency of   socket.io [dev]

  Path            socket.io > socket.io-client > engine.io-client > debug

  More info       https://nodesecurity.io/advisories/534




  Low             Regular Expression Denial of Service

  Package         debug

  Dependency of   socket.io [dev]

  Path            socket.io > socket.io-adapter > socket.io-parser > debug

  More info       https://nodesecurity.io/advisories/534




  Low             Regular Expression Denial of Service

  Package         debug

  Dependency of   socket.io [dev]

  Path            socket.io > socket.io-client > socket.io-parser > debug

  More info       https://nodesecurity.io/advisories/534




  Low             Regular Expression Denial of Service

  Package         debug

  Dependency of   socket.io [dev]

  Path            socket.io > socket.io-parser > debug

  More info       https://nodesecurity.io/advisories/534




  High            Regular Expression Denial of Service

  Package         parsejson

  Dependency of   socket.io [dev]

  Path            socket.io > socket.io-client > engine.io-client > parsejson

  More info       https://nodesecurity.io/advisories/528



found 9 vulnerabilities (8 low, 1 high) in 2659 scanned packages
  9 vulnerabilities require semver-major dependency updates.

All 4 comments

Hello Enosinger,
What is your node.js version?
Best,
Tigtol

can confirm (using nodesource/8.12.0)

All issues above were fixed with socket.io 2.0.2 (their dependencies)

Still needs the upgrade

upgraded to 2.2.0 in the dev branch baac3413ed2ede52359edcf03d14279bfa5d8ec7
