Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Address npm audit vulnerabilities in pages-redirects #254

Open
8 tasks
rileyseaburg opened this issue Aug 21, 2024 · 1 comment
Open
8 tasks

Address npm audit vulnerabilities in pages-redirects #254

rileyseaburg opened this issue Aug 21, 2024 · 1 comment

Comments

@rileyseaburg
Copy link

Short description:

The npm audit command has revealed several vulnerabilities in the project dependencies that need to be addressed to improve the security of the pages-redirects project.

image

Notes

  • The npm audit revealed vulnerabilities in the following packages:
    • request: Server-Side Request Forgery (moderate severity)
    • tough-cookie: Prototype Pollution vulnerability (moderate severity)
    • trim: Regular Expression Denial of Service (high severity)
  • These vulnerabilities affect dependent packages including tap-out and tap-summary
  • Some issues may require choosing different dependencies as there are no direct fixes available

Acceptance Criteria

  • Review each vulnerability and its impact on the project
  • Investigate possible solutions for each vulnerable package:
    • Check if updated versions of the packages are available that resolve the vulnerabilities
    • If no updates are available, research alternative packages that could replace the vulnerable ones
  • Test any proposed changes to ensure they don't break existing functionality
  • Update the project's dependencies to resolve the vulnerabilities
  • Run another npm audit to confirm that the vulnerabilities have been addressed
  • Update project documentation to reflect any significant changes made
@drewbo
Copy link
Contributor

drewbo commented Oct 2, 2024

@rileyseaburg just noting that this was deprioritized because pages-redirects is an NGINX application which only uses npm/node_modules to create configuration files (i.e. it isn't running live on the application and these vulnerabilities do not present any security risk)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants