This repository was archived by the owner on Aug 20, 2020. It is now read-only.

Security vulnerability for mocha@2.4.5 #94

Closed
robincher opened this issue Oct 5, 2018 · 2 comments · Fixed by #101

Comments

@robincher
Contributor

Issue Summary

There are security vulnerabilities found in mocha@2.4.5 sub-dependencies. The vulnerabilities found are marked as High-severity, so I thought I should bring this up for the team's consideration, since it will be a pretty straightforward fix. The recommended fix is to upgrade mocha to version 4 (minimum).

Expected work to be done

  1. Update Mocha to version 4 (or 5) in package.json
  2. Update travis.yml to ensure Travis only runs up to the Node version supported by Mocha version 4 (or 5, the latest)

Steps to Reproduce

  1. npm install
  2. npm audit
  3. Analyse the output.

More information on the vulnerability:
https://snyk.io/test/npm/mocha/2.4.5

Technical details:

  • node-http-client Version: master (latest commit: [a341cf3])
  • Node.js Version: 8.x.x
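
The "analyse the output" step above can be scripted. The following is an added example, not part of the issue or the repository: it groups advisories at or above a severity threshold by the top-level dependency that pulls them in, which shows whether upgrading mocha alone clears them. It assumes the npm 6 `npm audit --json` layout (an `advisories` map whose entries carry `module_name`, `severity` and `findings[].paths`); the sample report and its placeholder package names are constructed.

```javascript
// Severity levels reported by npm audit, lowest to highest.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
const RANK_NAME = Object.keys(SEVERITY_RANK);

// Constructed sample in the assumed npm 6 `npm audit --json` shape.
// Every package name except mocha is a placeholder, not a real finding.
const sampleReport = {
  advisories: {
    "1001": { module_name: "placeholder-subdep-a", severity: "high",
      findings: [{ version: "1.0.0", paths: ["mocha>placeholder-subdep-a"] }] },
    "1002": { module_name: "placeholder-subdep-b", severity: "low",
      findings: [{ version: "0.3.0", paths: ["mocha>placeholder-mid>placeholder-subdep-b"] }] },
    "1003": { module_name: "placeholder-subdep-c", severity: "critical",
      findings: [{ version: "2.1.0",
        paths: ["other-dep>placeholder-subdep-c", "mocha>placeholder-subdep-c"] }] },
  },
};

// Group advisories at or above `threshold` by the top-level dependency
// (first segment of each dependency path) that brings the package in.
function summarizeByRoot(report, threshold = "high") {
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity: ${threshold}`);
  const byRoot = {};
  for (const adv of Object.values(report.advisories || {})) {
    // Fail closed: an unrecognised severity label is treated as critical.
    const rank = SEVERITY_RANK[adv.severity] ?? SEVERITY_RANK.critical;
    if (rank < min) continue;
    for (const finding of adv.findings || []) {
      for (const path of finding.paths || []) {
        const root = path.split(">")[0];
        const entry = (byRoot[root] = byRoot[root] || { rank: 0, modules: new Set() });
        entry.rank = Math.max(entry.rank, rank);
        entry.modules.add(adv.module_name);
      }
    }
  }
  // Convert to plain data: worst severity name plus sorted module list.
  return Object.fromEntries(Object.entries(byRoot).map(([root, e]) =>
    [root, { worst: RANK_NAME[e.rank], modules: [...e.modules].sort() }]));
}

console.log(JSON.stringify(summarizeByRoot(sampleReport), null, 2));
```
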

@robincher
Contributor Author

@thinkingserious I can take this piece of work if you think it's worthwhile for this month :)

@thinkingserious
Contributor

Thank you @robincher!

robincher added a commit to robincher/nodejs-http-client that referenced this issue Oct 12, 2018
thinkingserious added a commit that referenced this issue Oct 29, 2018
#94 | Upgrade dev dependency mocha to patch security vulnerability