Bug #25558 (open)
Ignore DoS in semver npm dependency
Priority: 0
Name check: To do
Fix check: Checked
Regression: No
Description
[2024-09-26T21:17:24.295Z] ╔══════════════════════════════════════════════════════════════════════╗
[2024-09-26T21:17:24.295Z] ║ === list of exceptions === ║
[2024-09-26T21:17:24.295Z] ║ ║
[2024-09-26T21:17:24.295Z] ║ ID │ Status │ Expiry │ Notes ║
[2024-09-26T21:17:24.295Z] ║ GHSA-grv7-fg5c-xmjg │ active │ │ Dev dependency vulnerability ║
[2024-09-26T21:17:24.295Z] ╚═════════════════════╧════════╧════════╧══════════════════════════════╝
[2024-09-26T21:17:24.295Z]
[2024-09-26T21:17:27.672Z] ╔═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗
[2024-09-26T21:17:27.672Z] ║ === npm audit security report === ║
[2024-09-26T21:17:27.672Z] ║ ║
[2024-09-26T21:17:27.672Z] ║ ID │ Module │ Title │ Paths │ Sev. │ URL │ Ex. ║
[2024-09-26T21:17:27.672Z] ║ 1098094 │ braces │ Uncontrolled resource consumption in braces │ braces │ high │ https://github.com/advisories/GHSA-grv7-fg5c-xmjg │ y ║
[2024-09-26T21:17:27.672Z] ║ │ │ │ micromatch>braces │ │ │ ║
[2024-09-26T21:17:27.672Z] ║ │ │ │ sass>braces │ │ │ ║
[2024-09-26T21:17:27.672Z] ║ 1096592 │ es5-ext │ es5-ext vulnerable to Regular Expression Denial of │ es5-ext │ low │ https://github.com/advisories/GHSA-4gmj-3p3h-gm8h │ n ║
[2024-09-26T21:17:27.672Z] ║ │ │ Service in `function#copy` and │ │ │ │ ║
[2024-09-26T21:17:27.672Z] ║ │ │ `function#toStringTokens` │ │ │ │ ║
[2024-09-26T21:17:27.672Z] ║ 1098681 │ micromatch │ Regular Expression Denial of Service (ReDoS) in │ anymatch>micromatch │ moderate │ https://github.com/advisories/GHSA-952p-6rrq-rcjv │ n ║
[2024-09-26T21:17:27.672Z] ║ │ │ micromatch │ findup-sync>micromatch │ │ │ ║
[2024-09-26T21:17:27.672Z] ║ │ │ │ matchdep>micromatch │ │ │ ║
[2024-09-26T21:17:27.672Z] ║ │ │ │ micromatch │ │ │ ║
[2024-09-26T21:17:27.672Z] ║ │ │ │ readdirp>micromatch │ │ │ ║
[2024-09-26T21:17:27.672Z] ║ 1094544 │ postcss │ PostCSS line return parsing error │ postcss │ moderate │ https://github.com/advisories/GHSA-7fh5-64p2-3v2j │ n ║
[2024-09-26T21:17:27.672Z] ║ 1096727 │ request │ Server-Side Request Forgery in Request │ request │ moderate │ https://github.com/advisories/GHSA-p8p7-x288-28g6 │ n ║
[2024-09-26T21:17:27.672Z] ║ 1098563 │ semver │ semver vulnerable to Regular Expression Denial of │ semver │ high │ https://github.com/advisories/GHSA-c2qf-rxjj-qqgw │ n ║
[2024-09-26T21:17:27.672Z] ║ │ │ Service │ │ │ │ ║
[2024-09-26T21:17:27.672Z] ║ 1097682 │ tough-cookie │ tough-cookie Prototype Pollution vulnerability │ tough-cookie │ moderate │ https://github.com/advisories/GHSA-72xf-g2v4-qvf3 │ n ║
[2024-09-26T21:17:27.673Z] ╚═════════╧══════════════╧════════════════════════════════════════════════════╧════════════════════════════════════════════════════╧══════════╧═══════════════════════════════════════════════════╧═════╝
[2024-09-26T21:17:27.673Z]
[2024-09-26T21:17:27.673Z] 1 vulnerabilities found. Node security advisories: 1098563
[2024-09-26T21:17:27.673Z] npm ERR! code 1
[2024-09-26T21:17:27.673Z] npm ERR! path /srv/jenkins/workspace/pendencies_branches_rudder_8.1_3/datasources/src/main
[2024-09-26T21:17:27.673Z] npm ERR! command failed
[2024-09-26T21:17:27.673Z] npm ERR! command sh -c better-npm-audit "audit" "--level" "high"
[2024-09-26T21:17:27.673Z]
[2024-09-26T21:17:27.673Z] npm ERR! A complete log of this run can be found in:
[2024-09-26T21:17:27.673Z] npm ERR! /home/jenkins/.npm/_logs/2024-09-26T21_17_27_454Z-debug.log
script returned exit code 1
Updated by Alexis Mousset 3 months ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset 3 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder-plugins/pull/759
Updated by Alexis Mousset 3 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder:rudder-plugins|d76946753ff692fa2098ce8f3d4e5503460a5010.