
NPM found 1 high severity vulnerability (mongodb must be >=3.1.13)

Open flaforgue opened this issue 5 years ago • 4 comments

Hello,

First of all, thanks for your package, which seems to be amazing! I look forward to trying it, but I would like to warn you about this point: after the installation, NPM audit returns 1 high severity vulnerability. Here is the exact output:

                       === npm audit security report ===                        
                                                                                
                                                                                
                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             
                                                                                
          Visit https://go.npm.me/audit-guide for additional guidance           
                                                                                
                                                                                
  High            Denial of Service                                             
                                                                                
  Package         mongodb                                                       
                                                                                
  Patched in      >=3.1.13                                                      
                                                                                
  Dependency of   acl                                                           
                                                                                
  Path            acl > mongodb                                                 
                                                                                
  More info       https://nodesecurity.io/advisories/1203                       
                                                                                
found 1 high severity vulnerability in 879816 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Do you think it would be a hard dependency to update?

Have a nice day.

flaforgue avatar Nov 25 '19 16:11 flaforgue

+1

eran10 avatar Jan 16 '20 07:01 eran10

+1

abitofcode avatar Feb 18 '20 13:02 abitofcode

+1

josencv avatar Feb 20 '20 15:02 josencv

Fixed in my fork acl2. More info here: https://github.com/OptimalBits/node_acl/issues/285#issuecomment-688599945

koresar avatar Sep 08 '20 03:09 koresar