CDash
`npm audit` reports "found 7 low severity vulnerabilities" after fresh install of cdash 3.0.3
Not sure how severe these are, but running `npm audit` after a fresh install of cdash 3.0.3 gives:
```
=== npm audit security report ===
# Run npm install [email protected] to resolve 3 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
Low Prototype Pollution
Package yargs-parser
Dependency of laravel-mix
Path laravel-mix > yargs > yargs-parser
More info https://npmjs.com/advisories/1500
Low Prototype Pollution
Package ini
Dependency of laravel-mix
Path laravel-mix > chokidar > fsevents > node-pre-gyp > rc > ini
More info https://npmjs.com/advisories/1589
Low Prototype Pollution
Package ini
Dependency of laravel-mix
Path laravel-mix > webpack > watchpack > watchpack-chokidar2 >
chokidar > fsevents > node-pre-gyp > rc > ini
More info https://npmjs.com/advisories/1589
# Run npm install [email protected] to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
Low Prototype Pollution
Package ini
Dependency of webpack
Path webpack > watchpack > watchpack-chokidar2 > chokidar >
fsevents > node-pre-gyp > rc > ini
More info https://npmjs.com/advisories/1589
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Prototype Pollution
Package yargs-parser
Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
Dependency of mocha-webpack [dev]
Path mocha-webpack > yargs > yargs-parser
More info https://npmjs.com/advisories/1500
Low Prototype Pollution
Package ini
Patched in >1.3.6
Dependency of laravel-mix
Path laravel-mix > webpack-dev-server > chokidar > fsevents >
node-pre-gyp > rc > ini
More info https://npmjs.com/advisories/1589
Low Prototype Pollution
Package ini
Patched in >1.3.6
Dependency of mocha-webpack [dev]
Path mocha-webpack > chokidar > fsevents > node-pre-gyp > rc >
ini
More info https://npmjs.com/advisories/1589
found 7 low severity vulnerabilities in 1575 scanned packages
4 vulnerabilities require semver-major dependency updates.
3 vulnerabilities require manual review. See the full report for details.
```
Actually, today on an update from 3.0.2 to 3.0.3 I get:
found 109 vulnerabilities (50 moderate, 59 high)
Good point. For what it's worth, almost all of these are fixed in master. I'll try to cut a CDash 3.1 release soon.
On Mon, Dec 6, 2021 at 8:53 AM Mario Emmenlauer @.***> wrote:
> Actually, today on an update from 3.0.2 to 3.0.3 I get:
> found 109 vulnerabilities (50 moderate, 59 high)
A new release would be great, it's been a while.
What does open.cdash.org run? Seems like something newer than the last release...
@zackgalbreath friendly ping. Any news on a new release? Also: happy new year!
Hopefully soon. I've got two remaining CDash tasks that a customer has asked I fix before we release CDash 3.1. To put a concrete date on it, let's target March 1.
yay
Added to my calendar :)
Hi @zackgalbreath, happy March! Any news on the release? :) Anything we can do to help? Testing?
It's happening! Here's the release branch: https://github.com/Kitware/CDash/tree/releases/3.1
I've deployed this to a few instances already and everything looks good so far. My plan is to keep rolling this out in the coming days. After that settles out I'll officially tag the release.
On Thu, Mar 3, 2022 at 10:22 PM Sean McBride @.***> wrote:
> Hi @zackgalbreath https://github.com/zackgalbreath , happy March! Any news on the release? :) Anything we can do to help? Testing?