Skip to content

resolve npm audit security fixes (#3721) #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
LCarvalhoIADE merged 1 commit into from
Jul 25, 2018
Merged

resolve npm audit security fixes (#3721) #13

LCarvalhoIADE merged 1 commit into from
Jul 25, 2018

Conversation

@LCarvalhoIADE
Copy link
Owner

@LCarvalhoIADE LCarvalhoIADE commented Jul 25, 2018

  • upgrade mocha from 3.5.3 to 5.0.5

This resolves these security issues

Low Regular Expression Denial of Service
Package debug
Dependency of mocha [dev]
Path mocha > debug
More info https://nodesecurity.io/advisories/534

Critical Command Injection
Package growl
Dependency of mocha [dev]
Path mocha > growl
More info https://nodesecurity.io/advisories/146

  • upgrade mocha and start modularizing lodash to make sure tests pass

  • more lodash modularization

  • upgrade mqtt to 2.18.3

  • allow npm 6.2

  • upgrade share2nightscout-bridge

  • incorporate express-extension-to-accept into Nightscout

the packages seems not maintained (github page is 404) and has a security issue with mime package. so upgraded and included into Nightscout code.

if somebody knows a more efficient way of programming this with express4 please PR

  • update jsdom for security fixes

  • prevent wrapping of hour labels by removing the space

  • Revert "update jsdom for security fixes"

This reverts commit 04f1f39.

  • Revert "more lodash modularization"

This reverts commit c4fa530.

  • remove forever dependency

  • Revert "Revert "more lodash modularization""

This reverts commit b13c274.

  • fix report.test.js with newer packages

sometimes a fix is very easy. This is to prevent:

Deprecation warning: value provided is not in a recognized RFC2822 or ISO format. moment construction falls back to js Date(), which is not reliable across all browsers and versions. Non RFC2822/ISO date formats are discouraged and will be removed in an upcoming major release. Please refer to http://momentjs.com/guides/#/warnings/js-date/ for more info.
Arguments:
[0] _isAMomentObject: true, _isUTC: true, _useUTC: true, _l: undefined, _i: T00:00:00, _f: undefined, _strict: undefined, _locale: [object Object]
Error
    at Function.createFromInputFallback (XXX\cgm-remote-monitor\tmp\js\bundle.js:117408:98)
    at configFromString (XXX\cgm-remote-monitor\tmp\js\bundle.js:119456:15)

We must use ISO8601 formatted strings and not use slashes in dates, see moment/moment#1407 (comment)

  • upgrade webpack to 4.16.2

  • Update package.json

@PieterGit @sulkaharo
resolve npm audit security fixes (#3721)
71103bb 
* upgrade mocha from 3.5.3 to 5.0.5

This resolves these security issues

  Low             Regular Expression Denial of Service
  Package         debug
  Dependency of   mocha [dev]
  Path            mocha > debug
  More info       https://nodesecurity.io/advisories/534

  Critical        Command Injection
  Package         growl
  Dependency of   mocha [dev]
  Path            mocha > growl
  More info       https://nodesecurity.io/advisories/146

* upgrade mocha and start modularizing lodash to make sure tests pass

* more lodash modularization

* upgrade mqtt to 2.18.3

* allow npm 6.2

* upgrade share2nightscout-bridge

* incorporate express-extension-to-accept into Nightscout

the packages seems not maintained (github page is 404) and has a security issue with mime package.  so upgraded and included into Nightscout code.

if somebody knows a more efficient way of programming this with express4 please PR

* update jsdom for security fixes

* prevent wrapping of hour labels by removing the space

* Revert "update jsdom for security fixes"

This reverts commit 04f1f39.

* Revert "more lodash modularization"

This reverts commit c4fa530.

* remove forever dependency

* Revert "Revert "more lodash modularization""

This reverts commit b13c274.

* fix report.test.js with newer packages

sometimes a fix is very easy. This is to prevent:

```
Deprecation warning: value provided is not in a recognized RFC2822 or ISO format. moment construction falls back to js Date(), which is not reliable across all browsers and versions. Non RFC2822/ISO date formats are discouraged and will be removed in an upcoming major release. Please refer to http://momentjs.com/guides/#/warnings/js-date/ for more info.
Arguments:
[0] _isAMomentObject: true, _isUTC: true, _useUTC: true, _l: undefined, _i: T00:00:00, _f: undefined, _strict: undefined, _locale: [object Object]
Error
    at Function.createFromInputFallback (XXX\cgm-remote-monitor\tmp\js\bundle.js:117408:98)
    at configFromString (XXX\cgm-remote-monitor\tmp\js\bundle.js:119456:15)
```

We must use ISO8601 formatted strings and not use slashes in dates, see moment/moment#1407 (comment)

* upgrade webpack to 4.16.2

* Update package.json
@LCarvalhoIADE LCarvalhoIADE merged commit 57694b2 into LCarvalhoIADE:dev Jul 25, 2018
LCarvalhoIADE pushed a commit that referenced this pull request Apr 17, 2019
@winni67
Merge pull request #13 from nightscout/master
5aa0801 
Master
LCarvalhoIADE pushed a commit that referenced this pull request Apr 17, 2019
@lixgbg
Merge pull request #13 from lixgbg/wip/report-loopalyzer-dev
b32cd0e 
Update from latest dev
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LCarvalhoIADE @PieterGit