Skip to content

security: mitigate CVE-2018-20834#1434

Merged
shockey merged 8 commits into
swagger-api:masterfrom
shockey:security/cve-2018-20834
May 21, 2019
Merged

security: mitigate CVE-2018-20834#1434
shockey merged 8 commits into
swagger-api:masterfrom
shockey:security/cve-2018-20834

Conversation

@shockey

@shockey shockey commented May 21, 2019

Copy link
Copy Markdown
Contributor

No end-user risk, just cleaning tar@<4.4.2 out of our dev dependencies.

CVE-2018-20834

Before

➜  npm ls tar
swagger-client@3.8.24 /Users/kyle/Code/js
├─┬ bundlesize@0.17.0
│ └─┬ brotli-size@0.0.1
│   └─┬ iltorb@1.3.10
│     └─┬ node-gyp@3.7.0
│       └── tar@2.2.1 
└─┬ mocha-webpack@1.1.0
  └─┬ chokidar@1.7.0
    └─┬ fsevents@1.2.4
      └─┬ node-pre-gyp@0.10.0
        └── tar@4.4.1 

After

➜  npm ls tar
swagger-client@3.8.24 /Users/kyle/Code/js
└── (empty)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant