This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Investigate NSP 663 and 664 #4470

Closed
chenba opened this issue May 17, 2018 · 2 comments

chenba commented May 17, 2018

Builds on master started failing on 2018-05-16 (starting with https://circleci.com/gh/mozilla-services/screenshots/6792). The failures are from nsp; see output below. We should investigate to see if we can ignore those advisories in .nsprc.

> nsp check -o summary

(+) 2 vulnerabilities found
 Name           Installed   Patched   Path                                                                                              More Info                              
 open           0.0.5       None      [email protected] > [email protected] > [email protected]                                               https://nodesecurity.io/advisories/663 
 stringstream   0.0.5       None      [email protected] > [email protected] > [email protected] > [email protected] > [email protected]   https://nodesecurity.io/advisories/664
@jaredhirsch
Member

The bugs are in jpm, which appears to only be used in the ./bin/run-addon local development script. I think we're fine to ignore those.


pdehaan commented May 17, 2018

Submitted upstream issue to [deprecated] jpm and there is an open PR in sign-addon which may handle the stringstream issue (maybe).

@chenba chenba closed this as completed in 08f7a96 May 18, 2018
chenba added a commit that referenced this issue May 18, 2018
Fix #4470, Ignore nsp advisories 663 and 664 related to jpm
testeaxeax pushed a commit to testeaxeax/screenshots that referenced this issue Jun 7, 2018
chenba pushed a commit to chenba/screenshots that referenced this issue Jun 28, 2018
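
The triage discussed in this thread (ignore an advisory in .nsprc only when the vulnerable module is reached solely through a development-only dependency), as an added example that is not code from the screenshots repository. The package.json fragment, the `example-*` names, the placeholder advisory URL and the assumption that jpm is declared under `devDependencies` are all constructed for illustration.

```javascript
// Added example. Constructed data: only advisory URLs 663/664 and the names
// open, stringstream and jpm come from the thread above.
const pkg = {                               // assumed package.json fragment
  dependencies: { "example-server": "*" },  // hypothetical runtime dependency
  devDependencies: { jpm: "*" },            // assumption: jpm is dev-only
};

// One entry per row of the nsp table; path[0] is the project, path[1] the
// direct dependency that pulls the vulnerable module in.
const findings = [
  { advisory: "https://nodesecurity.io/advisories/663",
    path: ["screenshots", "jpm", "open"] },
  { advisory: "https://nodesecurity.io/advisories/664",
    path: ["screenshots", "jpm", "example-a", "example-b", "stringstream"] },
  { advisory: "https://example.invalid/advisories/PLACEHOLDER",
    path: ["screenshots", "jpm", "example-lib"] },
  { advisory: "https://example.invalid/advisories/PLACEHOLDER",
    path: ["screenshots", "example-server", "example-lib"] },
];

// "dev" only when the direct dependency is declared solely in devDependencies.
function scopeOf(finding, pkgJson) {
  const direct = finding.path[1];
  const has = (obj) => Object.prototype.hasOwnProperty.call(obj || {}, direct);
  if (has(pkgJson.dependencies)) return "prod";
  return has(pkgJson.devDependencies) ? "dev" : "unknown";
}

// An .nsprc exception silences an advisory for every path, so an advisory is
// ignorable only if all of its paths are dev-only.
function triage(all, pkgJson) {
  const byAdvisory = new Map();
  for (const f of all) {
    const ok = scopeOf(f, pkgJson) === "dev";
    byAdvisory.set(f.advisory, (byAdvisory.get(f.advisory) ?? true) && ok);
  }
  const exceptions = [], blocking = [];
  for (const [url, ok] of byAdvisory) (ok ? exceptions : blocking).push(url);
  return { exceptions, blocking };
}

// Render the exceptions in the .nsprc format nsp reads.
function toNsprc(exceptions) {
  return JSON.stringify({ exceptions }, null, 2);
}

const result = triage(findings, pkg);
console.log(toNsprc(result.exceptions));
console.log("still blocking:", result.blocking);
```

The placeholder advisory stays blocking because one of its two paths runs through a runtime dependency, even though the other runs through jpm.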