npm6 vulnerability

```
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ deep-extend                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ webpack [dev]                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ webpack > watchpack > chokidar > fsevents > node-pre-gyp >   │
│               │ rc > deep-extend                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/612                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ deep-extend                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ webpack-dev-server [dev]                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ webpack-dev-server > chokidar > fsevents > node-pre-gyp > rc │
│               │ > deep-extend                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/612                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

```

Edit: It's fixed in https://github.com/unclechu/node-deep-extend/commit/9423fae877e2ab6b4aecc4db79a0ed63039d4703 and #40

- [x] `rc` got updated: https://github.com/dominictarr/rc/commit/b63377974f60bc5207c15bc8f465e28d2c7e1945
- [ ] `node-pre-gyp` https://github.com/mapbox/node-pre-gyp/pull/379
- [ ]  `fsevents` needs to update `node-pre-gyp`
- [ ]  `chokidar` needs to update `fsevents`
- [ ]  `webpack-dev-server` and `watchpack` needs to update `chokidar`
- [ ]  `webpack` needs to update `watchpack`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

npm6 vulnerability #41

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

npm6 vulnerability #41

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions