Uploaded image for project: 'Magnolia CLI'
  1. Magnolia CLI
  2. NPMCLI-198

high-severity security vulnerability "npm:adm-zip:20180415"

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.7
    • Labels:
      None
    • Release notes required:
      Yes
    • Epic Link:
    • Sprint:
      Foundation 6
    • Story Points:
      3

      Description

      Magnolia cli has a dependency on an old version of adm-zip which has a security vulnerability. More info here: https://snyk.io/vuln/npm:adm-zip:20180415

      Please update the dependency, so that I can have magnolia-cli approved by my security team.

        Attachments

          Issue Links

          caused by

          Bug - A problem which impairs or prevents the functions of the product. NPMCLI-182 CLI jumpstart fails - due to regression in adm-zip dependency

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          supersedes

          Task - A task that needs to be done. NPMCLI-186 Unpin adm-zip dependency or replace it with a different library

          • Neutral -
          • Closed

            Activity

              People

              • Assignee:
                fgrilli Federico Grilli
                Reporter:
                Sam Samantha Mannino
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Date of First Response: