Consider replacing dependency "node-slate" with "whiteboard" #5

Open
dpilafian opened this issue Feb 22, 2018 · 1 comment

Comments

@dpilafian
Contributor

dpilafian commented Feb 22, 2018

node-slate
A fork of a dead project that is a node implementation of Slate.
https://github.com/center-key/node-slate

whiteboard
A project closing in on a thousand stars that is a node implementation of Slate.
https://github.com/mpociot/whiteboard

...or make node-slate a fork of whiteboard.

@Lemmmy

Lemmmy commented Jun 1, 2018

I think this should be fast-tracked, as gulp-node-slate's outdated/abandoned dependencies are the source of almost all security vulnerabilities in my project. From npm audit:

High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp > vinyl-fs > glob-stream > glob > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp > vinyl-fs > glob-stream > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-htmlhint > htmlhint > jshint > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp > vinyl-fs > glob-watcher > gaze > globule > glob > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-htmlhint > htmlhint > jshint > cli > glob > minimatch
More info https://nodesecurity.io/advisories/118
Moderate Prototype pollution
Package hoek
Patched in > 4.2.0 < 5.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-sass > node-sass > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Patched in > 4.2.0 < 5.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-sass > node-sass > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Patched in > 4.2.0 < 5.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-sass > node-sass > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Patched in > 4.2.0 < 5.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-sass > node-sass > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Patched in > 4.2.0 < 5.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > node-sass > request > hawk > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Patched in > 4.2.0 < 5.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > node-sass > request > hawk > cryptiles > boom > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Patched in > 4.2.0 < 5.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > node-sass > request > hawk > hoek
More info https://nodesecurity.io/advisories/566
Moderate Prototype pollution
Package hoek
Patched in > 4.2.0 < 5.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > node-sass > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566
Critical Command Injection
Package open
Patched in No patch available
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-open > open
More info https://nodesecurity.io/advisories/663
Moderate Regular Expression Denial of Service
Package mime
Patched in >= 1.4.1 < 2.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent > form-data > mime
More info https://nodesecurity.io/advisories/535
Moderate Regular Expression Denial of Service
Package mime
Patched in >= 1.4.1 < 2.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent > mime
More info https://nodesecurity.io/advisories/535
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp > vinyl-fs > glob-watcher > gaze > globule > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-htmlhint > htmlhint > jshint > lodash
More info https://nodesecurity.io/advisories/577
Low Prototype Pollution
Package lodash
Patched in >=4.17.5
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > jshint > lodash
More info https://nodesecurity.io/advisories/577
Moderate Memory Exposure
Package tunnel-agent
Patched in >=0.6.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-sass > node-sass > request > tunnel-agent
More info https://nodesecurity.io/advisories/598
Moderate Memory Exposure
Package tunnel-agent
Patched in >=0.6.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > node-sass > request > tunnel-agent
More info https://nodesecurity.io/advisories/598
High Denial of Service
Package http-proxy-agent
Patched in >=2.1.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent-proxy > proxy-agent > http-proxy-agent
More info https://nodesecurity.io/advisories/607
High Denial of Service
Package https-proxy-agent
Patched in >=2.2.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent-proxy > proxy-agent > https-proxy-agent
More info https://nodesecurity.io/advisories/593
Low Large gzip Denial of Service
Package superagent
Patched in >=3.7.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent
More info https://nodesecurity.io/advisories/479
Low Arbitrary File Write
Package cli
Patched in >=1.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-htmlhint > htmlhint > jshint > cli
More info https://nodesecurity.io/advisories/95
Low Regular Expression Denial of Service
Package debug
Patched in >= 2.6.9 < 3.0.0
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-w3cjs > w3cjs > superagent-proxy > debug
More info https://nodesecurity.io/advisories/534

dpilafian added a commit that referenced this issue Jun 12, 2018
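
One way to triage the `npm audit` output quoted in the comment above, as an added example that is not part of the issue thread or of gulp-node-slate: it parses the flattened records, collapses the one-row-per-path findings into one row per advisory, and records which direct dependency of node-slate pulls each vulnerable package in. The function names are hypothetical, and the sample is a three-record excerpt of the output above.

```javascript
// SAMPLE: three records copied from the audit output quoted above (an excerpt, not the full report).
const SAMPLE = `High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp > vinyl-fs > glob-stream > glob > minimatch
More info https://nodesecurity.io/advisories/118
High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-htmlhint > htmlhint > jshint > minimatch
More info https://nodesecurity.io/advisories/118
Critical Command Injection
Package open
Patched in No patch available
Dependency of gulp-node-slate [dev]
Path gulp-node-slate > node-slate > gulp-open > open
More info https://nodesecurity.io/advisories/663`;
const RANK = { Critical: 0, High: 1, Moderate: 2, Low: 3 };

// Split the flattened text into records; a line starting with a severity opens a new record.
function parseAudit(text) {
  const records = [];
  for (const line of text.split('\n').map((l) => l.trim()).filter(Boolean)) {
    const head = line.match(/^(Critical|High|Moderate|Low) (.+)$/);
    if (head) { records.push({ severity: head[1], title: head[2] }); continue; }
    const cur = records[records.length - 1];
    const field = line.match(/^(Package|Patched in|Dependency of|Path|More info) (.+)$/);
    if (cur && field) cur[field[1]] = field[2];
  }
  return records;
}

// Collapse findings to one entry per advisory URL, most severe first.
function triage(records) {
  const byAdvisory = new Map();
  for (const r of records) {
    const hops = (r.Path || '').split(' > ');
    const e = byAdvisory.get(r['More info']) || { package: r.Package, severity: r.severity,
      patched: r['Patched in'], paths: 0, via: new Set() };
    e.paths += 1;
    e.via.add(hops[2] || hops[hops.length - 1]); // assumes paths start "gulp-node-slate > node-slate"
    byAdvisory.set(r['More info'], e);
  }
  return [...byAdvisory.values()].sort((a, b) => RANK[a.severity] - RANK[b.severity]);
}

console.table(triage(parseAudit(SAMPLE)).map((e) => ({ ...e, via: [...e.via].join(', ') })));
```

Pasting the full report into `SAMPLE` shows how few distinct advisories sit behind the long list of paths, and which of node-slate's direct dependencies would have to be upgraded or dropped to clear each one.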