Skip to content

Remove compromised dependency static-module #81

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
danfinlay opened this issue Oct 19, 2017 · 10 comments · Fixed by browserify/static-module#39
Closed

Remove compromised dependency static-module #81

danfinlay opened this issue Oct 19, 2017 · 10 comments · Fixed by browserify/static-module#39

Comments

@danfinlay
Copy link

The node-security platform reported that static-module is compromised (because it includes static-eval), should probably move off it.
@kujon
Copy link

kujon commented Oct 23, 2017

https://nodesecurity.io/advisories/548 Details of the issue here.

@george-wilson-iproov
Copy link

This was fixed with #79 I think - we just need @stevemao to tag a fresh version

@stevemao
Copy link
Member

stevemao commented Nov 8, 2017

I don't think I can publish to npm. If @mattdesl or @substack could add me I'm happy to do it :)

@stevemao stevemao closed this as completed Nov 8, 2017
@kujon
Copy link

kujon commented Nov 15, 2017

Any chance of having this published soon?

@goto-bus-stop
Copy link
Member

#79 fixed a different issue—fix for this one is in #83.

@stevemao stevemao reopened this Dec 8, 2017
@Fjandin
Copy link

Fjandin commented Dec 27, 2017

Any chance this will be released soon?

@ljbade
Copy link

ljbade commented Jan 17, 2018

Hitting the same problem.

@ljbade ljbade mentioned this issue Jan 18, 2018
Closed
goto-bus-stop added a commit to browserify/static-module that referenced this issue Jan 20, 2018
@goto-bus-stop
Catch errors in statically evaluated expressions
e125b99 
This will just not replace expressions that cannot be evaluated because
of a runtime error.

This is needed for browserify/brfs#83 which
fixes browserify/brfs#81.
@goto-bus-stop goto-bus-stop mentioned this issue Jan 20, 2018
Merged
goto-bus-stop added a commit to browserify/static-module that referenced this issue Jan 30, 2018
@goto-bus-stop
Catch errors in statically evaluated expressions (#39)
df3233c 
This will just not replace expressions that cannot be evaluated because
of a runtime error.

This is needed for browserify/brfs#83 which
fixes browserify/brfs#81.
@ljbade
Copy link

ljbade commented Jan 30, 2018

Thanks for fixing this! Now to get upstream modules to update brfs...

@goto-bus-stop
Copy link
Member

I'm going to release it as a patch once brfs is added to the browserify npm org (probably later today depending on when substack is awake and connected) so upstream modules should automatically get the update :)

@matskiv matskiv mentioned this issue Jan 30, 2018
Merged
@goto-bus-stop
Copy link
Member

Published as 1.4.4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Catch errors in statically evaluated expressions browserify/static-module
7 participants
@Fjandin @kujon @danfinlay @goto-bus-stop @ljbade @stevemao @george-wilson-iproov