Downgrade event-stream package to 3.3.4 From the phosphor-webui alert: "The NPM package flatmap-stream is considered malicious. A malicious actor added this package as a dependency to the NPM event-stream package in versions 3.3.6 and later. Users of event-stream are encouraged to downgrade to the last non-malicious version, 3.3.4." More information can be found at: https://github.com/dominictarr/event-stream/issues/116 https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/ Tested: Manually on a Witherspoon. Change-Id: I2555ee04be69cc42f99cf3a5d18a99a4d5c26324 Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

commit: f875e0122210f847132c5fcca188323c24a2be21 [log] [tgz]
author: Gunnar Mills <gmills@us.ibm.com> Tue Nov 27 13:39:27 2018 -0600
committer: Gunnar Mills <gmills@us.ibm.com> Tue Nov 27 15:24:19 2018 -0600
tree: f8c0665e18420005f88dab11099e9cb867eeebae
parent: 1c43b312769fcf9fe4e41bf6d7336402d06bed6e [diff] [blame]
diff --git a/package.json b/package.json
index 1536539..6e5db80 100644
--- a/package.json
+++ b/package.json

@@ -54,7 +54,7 @@
     "copy-webpack-plugin": "4.5.2",
     "css-loader": "1.0.0",
     "eslint-plugin-angular": "3.3.0",
-    "event-stream": "3.3.5",
+    "event-stream": "3.3.4",
     "file-loader": "2.0.0",
     "html-loader": "^0.5.5",
     "html-minifier": "^3.5.20",
commit	f875e0122210f847132c5fcca188323c24a2be21	[log] [tgz]
author	Gunnar Mills <gmills@us.ibm.com>	Tue Nov 27 13:39:27 2018 -0600
committer	Gunnar Mills <gmills@us.ibm.com>	Tue Nov 27 15:24:19 2018 -0600
tree	f8c0665e18420005f88dab11099e9cb867eeebae
parent	1c43b312769fcf9fe4e41bf6d7336402d06bed6e [diff] [blame]