Vulnerable version of tough-cookie in tripleo-ui dependency list

Bug #1687945 reported by Honza Pokorny
This bug affects 1 person
Affects: tripleo
Status: Fix Released
Importance: Low
Assigned to: Jiri Tomasek

Bug Description

We depend on a package that uses tough-cookie@2.2.2. Everything before 2.3.0 is considered vulnerable.

https://nodesecurity.io/advisories/130

tough-cookie => request => phantomjs-prebuilt => svg2png => jimp => favicons => favicons-webpack-plugin

Tags: ui
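
An added example, not part of the original report or of tripleo-ui: one way to locate every install of tough-cookie older than 2.3.0 in a dependency tree shaped like `npm ls --json` output, together with the chain that pulls it in. The sample tree is constructed from the chain in the description; every version in it except tough-cookie@2.2.2 is a placeholder, and the second `request` branch is an assumption added to show a non-vulnerable copy.

```javascript
const PACKAGE = 'tough-cookie';
const FIXED_IN = '2.3.0'; // per the report: everything before 2.3.0 is vulnerable

// Compare plain x.y.z versions numerically; any pre-release suffix is ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Depth-first walk; returns { version, path } for each vulnerable install.
function findVulnerablePaths(node, name, fixedIn, trail = []) {
  const hits = [];
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, `${depName}@${dep.version || 'unknown'}`];
    if (depName === name && dep.version &&
        compareVersions(dep.version, fixedIn) < 0) {
      hits.push({ version: dep.version, path });
    }
    hits.push(...findVulnerablePaths(dep, name, fixedIn, path));
  }
  return hits;
}

// Constructed sample: nest a chain of packages, outermost first.
function chain(names, leaf) {
  return names.reduceRight(
    (inner, n) => ({ [n]: { version: '0.0.0', dependencies: inner } }), leaf);
}

const SAMPLE_TREE = {
  name: 'sample-app', // hypothetical project name
  dependencies: {
    ...chain(['favicons-webpack-plugin', 'favicons', 'jimp', 'svg2png',
              'phantomjs-prebuilt', 'request'],
             { 'tough-cookie': { version: '2.2.2' } }),
    // Constructed second branch with a version at or above the fix.
    ...chain(['request'], { 'tough-cookie': { version: '2.3.2' } }),
  },
};

for (const hit of findVulnerablePaths(SAMPLE_TREE, PACKAGE, FIXED_IN)) {
  console.log(`${PACKAGE}@${hit.version} via ${hit.path.join(' > ')}`);
}
```

The top-level entry of each reported path is the direct dependency to upgrade or remove.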
Changed in tripleo:
milestone: none → pike-2
Changed in tripleo:
milestone: pike-2 → pike-3
Changed in tripleo:
milestone: pike-3 → pike-rc1
Changed in tripleo:
milestone: pike-rc1 → queens-1
Changed in tripleo:
milestone: queens-1 → queens-2
Changed in tripleo:
milestone: queens-2 → queens-3
Changed in tripleo:
milestone: queens-3 → queens-rc1
Jiri Tomasek (jtomasek) wrote :

favicons-webpack-plugin dependency has been removed by https://review.openstack.org/#/c/534954/

Changed in tripleo:
status: Triaged → Fix Released
assignee: nobody → Jiri Tomasek (jtomasek)