NPM update to address TAR vulnerability
This security vulnerability is in the phosphor-webui
repo:
"We found a potential security vulnerability in one of your
dependencies.
tar
Upgrade tar to version 4.4.2 or later."
See https://nvd.nist.gov/vuln/detail/CVE-2018-20834
for more information.
Ran "NPM update" && "npm install node-sass@latest --save".
Before:
bash-4.1$ npm audit
....
found 3 high severity vulnerabilities in 12118 scanned packages
run `npm audit fix` to fix 3 of them.
After:
bash-4.1$ npm audit
=== npm audit security report ===
found 0 vulnerabilities
in 12124 scanned packages
Resolves https://github.com/openbmc/phosphor-webui/issues/85
Tested: Built the GUI and loaded it on a Witherspoon. No
regressions observed.
Change-Id: I67cf4111021d7097a4a0726fecc320853810c6fd
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
diff --git a/package.json b/package.json
index faf47a3..db7976e 100644
--- a/package.json
+++ b/package.json
@@ -28,19 +28,19 @@
"node"
],
"dependencies": {
- "angular": "^1.7.5",
- "angular-animate": "^1.7.5",
"@novnc/novnc": "^1.1.0",
- "angular-clipboard": "^1.6.2",
- "angular-cookies": "^1.7.5",
- "angular-messages": "^1.7.6",
- "angular-route": "^1.7.5",
- "angular-sanitize": "^1.7.5",
- "angular-ui-bootstrap": "^2.5.0",
- "angular-ui-router": "^1.0.20",
+ "angular": "^1.7.8",
+ "angular-animate": "^1.7.8",
+ "angular-clipboard": "^1.7.0",
+ "angular-cookies": "^1.7.8",
+ "angular-messages": "^1.7.8",
+ "angular-route": "^1.7.8",
+ "angular-sanitize": "^1.7.8",
+ "angular-ui-bootstrap": "^2.5.6",
+ "angular-ui-router": "^1.0.22",
"bootstrap": "^4.3.1",
"ng-toast": "^2.0.0",
- "xterm": "^3.10.1"
+ "xterm": "^3.13.1"
},
"peerDependencies": {},
"devDependencies": {
@@ -74,9 +74,9 @@
"style-loader": "^0.23.1",
"svg-inline-loader": "^0.8.0",
"uglifyjs-webpack-plugin": "^1.3.0",
- "webpack": "^4.29.3",
- "webpack-cli": "^3.2.3",
- "webpack-dev-server": "^3.1.11"
+ "webpack": "^4.32.0",
+ "webpack-cli": "^3.3.2",
+ "webpack-dev-server": "^3.4.1"
},
"license": "MIT",
"engines": {