Comments (4)
andys8
commented on June 2, 2024
3
There is github security warning. Keep in mind, it could hurt elm, if elm 0.18 would be marked as insecure.
from elm-platform.
carlthuringer
commented on June 2, 2024
The dependencies were significantly reduced in #194 and available in 0.18.0-exp5. You may upgrade to that release or await 0.19 I think.
from elm-platform.
jinjor
commented on June 2, 2024
FYI: npm audit in my environment reports as follows.
torii-mac:elm-security-test jinjor$ npm audit
=== npm audit security report ===
# Run npm install --save-dev [email protected] to resolve 5 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ elm [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ elm > request > hawk > boom > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ elm [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ elm > request > hawk > cryptiles > boom > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ elm [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ elm > request > hawk > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ elm [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ elm > request > hawk > sntp > hoek │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/566 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Memory Exposure │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ elm [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ elm > request > tunnel-agent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/598 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 5 moderate severity vulnerabilities in 118 scanned packages
5 vulnerabilities require semver-major dependency updates.
Looks like there is another problematic module tunnel-agent.
(node v8.9.4, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected])
from elm-platform.
evancz
commented on June 2, 2024
It appears to be getting updated with the new installers.
from elm-platform.
Related Issues (20)
- install.elm-lang.org SSL certificate problem. HOT 2
- Corporate users cannot access dl.bintray.com HOT 1
- Switch from Bintray to GitHub releases for hosting npm binaries HOT 2
- Meta: npm installer improvements HOT 1
- Help users fix npm permissions issues HOT 2
- add `elm new` for improved onboarding experience HOT 3
- npm installer fails on proxy and certificates HOT 5
- elm command not found HOT 2
- Can dependencies of the npm installer be smaller? HOT 1
- Global Elm install on Ubuntu 16.04 LTS failing HOT 2
- Fail of npm install -g elm on linux systems. HOT 7
- can version 1.4.1 be deprecated? HOT 1
- npm installer index.js root variable is hard-coded
- npm install fails with "read ECONNRESET" with configured corporate proxy HOT 1
- 'elm --help' output could be improved HOT 1
- npm install fails on Ubuntu 16.04 HOT 1
- GHC 7.10 does not work anymore HOT 1
- Build fails on basement-0.0.8 HOT 1
- Cabal needs more backjumps in BuildFromSource.hs
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from elm-platform.