Command Injection due to old node-modules #421

KevinHaisol · 2017-10-10T13:48:49Z

Any chance you can update the jasmine-growl-reporter package to version 1.0.1? There is a security vulnerability in the current version (0.0.3)

Once you get this fixed, other library's that depend on your library can be updated as well.

Thanks

jcubic · 2018-06-12T16:12:11Z

Just one more reason to switch to jest. I've committed my package lock file and now my repo is marked as vulnerable.

MatissJanis · 2018-10-16T08:41:31Z

1 year has passed and this is still not fixed. 😢

geoidesic · 2018-10-18T21:02:03Z

Just need to upgrade jasmine-growl-reporter to v2.0.0 – https://github.com/AlphaHydrae/jasmine-growl-reporter. Pretty please!

geoidesic · 2018-10-18T21:05:11Z

I see this has been addressed, caused breaking changes, and was reverted: #433

maxwellhadley · 2018-11-06T18:52:29Z

So please fix this!

daern91 · 2018-11-21T13:00:38Z

I forked and fixed this. Feel free to use it in the meanwhile:
https://github.com/daern91/jasmine-node

Just remember that, like discussed, it will not support node < 4

npm i daern91/jasmine-node

daern91 mentioned this issue Nov 20, 2018

chore: update deps commercetools/sphere-node-sdk#269

Merged

Provide feedback