Comments (5)
And separately a 3rd one get / parsejson https://nvd.nist.gov/vuln/detail/CVE-2017-16113
from minecraft-storeys-maker.
@edewit re-opening this issue, as from what I understood #101 only fixed url-parse but not parsejson?
https://github.com/vorburger/minecraft-storeys-maker/network/dependencies changed and the 1st point above but still shows (for me...) for the 2nd point above:
We found a potential security vulnerability in one of your dependencies.
A dependency defined in scratch/package-lock.json has known security vulnerabilities and should be updated.
from minecraft-storeys-maker.
@vorburger the issue doesn't state what version of parsejson it should be. e.g. parsejson doesn't have a newer version than 0.0.3
from minecraft-storeys-maker.
@edewit from reading over galkn/parsejson#4 more closely than I did yesterday, and the gist of what they seem to be saying over there in that issue as well as on https://www.npmjs.com/advisories/528 is basically that parsejson is dead, and that the native JSON.parse() should be used instead, for both performance and security reasons. So it seems like we don't have to bump our parsejson usage version, but find out why (by what transitive dependency) we need it in the first place, and then try to bump that - or (help to?) get whatever other package is depending on it to get off it?
from minecraft-storeys-maker.
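The step proposed in the comment above, finding which transitive dependency pulls parsejson in, can be done by walking the lockfile. This is an added example, not part of the original thread or the project's code; the function names and every package name in the sample other than parsejson are hypothetical, and the sample lockfile is constructed.

```javascript
// Build requirer -> Set(required) edges from a parsed package-lock.json.
// Handles lockfileVersion 1 (nested "dependencies"/"requires") and 2/3 ("packages").
function collectEdges(lock) {
  const edges = new Map();
  const add = (from, to) => {
    if (!edges.has(from)) edges.set(from, new Set());
    edges.get(from).add(to);
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // the root project itself
      const name = path.split('node_modules/').pop();
      for (const dep of Object.keys(meta.dependencies || {})) add(name, dep);
    }
  } else {
    const walk = (deps) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        for (const dep of Object.keys(meta.requires || {})) add(name, dep);
        walk(meta.dependencies); // nested, non-hoisted installs
      }
    };
    walk(lock.dependencies);
  }
  return edges;
}

// Return sorted chains "top-level > ... > target". A chain holding only the
// target means nothing in the lockfile requires it.
function whyInstalled(lock, target) {
  const edges = collectEdges(lock);
  const parentsOf = (name) =>
    [...edges].filter(([, reqs]) => reqs.has(name)).map(([from]) => from);
  const chains = [];
  const climb = (name, chain) => {
    const parents = parentsOf(name).filter((p) => !chain.includes(p)); // cycle guard
    if (parents.length === 0) chains.push(chain.join(' > '));
    for (const p of parents) climb(p, [p, ...chain]);
  };
  climb(target, [target]);
  return chains.sort();
}

// Constructed sample (lockfileVersion 1); every name except parsejson is hypothetical.
const sampleLock = { lockfileVersion: 1, dependencies: {
  'hypothetical-ui-kit': { version: '1.0.0', requires: { 'hypothetical-ws-client': '^2.0.0' } },
  'hypothetical-cli': { version: '3.1.0', requires: { 'hypothetical-ws-client': '^2.0.0' } },
  'hypothetical-ws-client': { version: '2.0.0', requires: { parsejson: '0.0.3' },
    dependencies: { parsejson: { version: '0.0.3' } } },
} };
console.log(whyInstalled(sampleLock, 'parsejson').join('\n'));
```

Each chain starts at the package to bump or replace; on an installed tree, `npm ls parsejson` reports the same relationship.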
@edewit closing this as GitHub no longer shows any vulnerabilities now - thank you!!
from minecraft-storeys-maker.