Uploaded image for project: 'Magnolia CLI'
  1. Magnolia CLI
  2. NPMCLI-198

high-severity security vulnerability "npm:adm-zip:20180415"

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.7
    • Labels:
      None
    • Release notes required:
      Yes
    • Epic Link:
    • Sprint:
      Foundation 6
    • Story Points:
      3

      Description

      Magnolia cli has a dependency on an old version of adm-zip which has a security vulnerability. More info here: https://snyk.io/vuln/npm:adm-zip:20180415

      Please update the dependency, so that I can have magnolia-cli approved by my security team.

        Checklists

        Acceptance criteria

          Attachments

            Issue Links

            caused by

            Bug - A problem which impairs or prevents the functions of the product. NPMCLI-182 CLI jumpstart fails - due to regression in adm-zip dependency

            • Critical - Crashes, loss of data, severe memory leak.
            • Closed
            supersedes

            Task - A task that needs to be done. NPMCLI-186 Unpin adm-zip dependency or replace it with a different library

            • Neutral -
            • Closed

              Activity

                People

                Assignee:
                fgrilli Federico Grilli
                Reporter:
                Sam Samantha Mannino
                Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:
                  Date of First Response:

                    Checklists

                    Bug DoR
                    DoD