vulnerabilities on npm install #15

Open
Dilosen opened this issue Jun 8, 2022 · 1 comment

Comments

Dilosen commented Jun 8, 2022

Hi there, I am installing via npm and once complete I get a message regarding 16 vulnerabilities, mainly regarding dependencies.

There is also no fix for the following:

set-value 3.0.0 - 4.0.0
Severity: high
Prototype Pollution in set-value - GHSA-4jqc-8m5r-9rpr
No fix available
node_modules/set-value
pipeline-ui *
Depends on vulnerable versions of set-value
node_modules/pipeline-ui

Not sure what to do, npm audit fix doesn't seem to do anything and npm audit fix --force seems to break it, adding more vulnerabilities recorded.

I would like to use Pipeline in my project, but not sure how secure it is. Any help would be appreciated.

Dilosen commented Jun 8, 2022

I see that this is an ongoing issue: npm/cli#3472

Please let me know if it's something specific that can be done to npm install pipeline-ui or if the dependencies can be updated some other way? Would like to start with 0 vulnerabilities :)
