Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npm reports Sequelize vulnerability #62

Open
rmloveland opened this issue Apr 22, 2019 · 0 comments
Open

npm reports Sequelize vulnerability #62

rmloveland opened this issue Apr 22, 2019 · 0 comments

Comments

@rmloveland
Copy link

Looks like we need to upgrade the version (apologies for not PR'ing that change, wanted to at least file the issue). However perhaps I'm not understanding this correctly, as I'm not really a JS developer.

$ cd examples-orms/node/sequelize
$ npm install
added 112 packages from 146 contributors and audited 226 packages in 2.523s
found 1 high severity vulnerability
  run `npm audit fix` to fix them, or `npm audit` for details


   ╭───────────────────────────────────────────────────────────────╮
   │                                                               │
   │       New minor version of npm available! 6.5.0 → 6.9.0       │
   │   Changelog: https://github.com/npm/cli/releases/tag/v6.9.0   │
   │                  Run npm i -g npm to update!                  │
   │                                                               │
   ╰───────────────────────────────────────────────────────────────╯

$ npm audit 
=== npm audit security report ===                        
                                                                                
# Run  npm install [email protected]  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ NoSQL Injection                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ sequelize                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ sequelize                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ sequelize                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/820                       │
└───────────────┴──────────────────────────────────────────────────────────────┘


found 1 high severity vulnerability in 226 scanned packages
  1 vulnerability requires semver-major dependency updates.

$ npm audit fix 
up to date in 0.42s
fixed 0 of 1 vulnerability in 226 scanned packages
  1 package update for 1 vuln involved breaking changes
  (use `npm audit fix --force` to install breaking changes; or refer to `npm audit` for steps to fix these manually)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant