Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-4162

Bower version 1.7.9 has SECURITY BUG

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Code Review Needed (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 6.3
    • Fix Version/s: None
    • Component/s: XMLUI
    • Labels:
      None
    • Attachments:
      0
    • Comments:
      1
    • Documentation Status:
      Needed

      Description

      When building XMLUI-Mirage2 i get a message:

      [WARNING] npm WARN deprecated bower@1.7.9: This Bower version has SECURITY BUG THAT ALLOWS TO WRITE TO ARBITRARY FILE ON YOUR COMPUTER when you install malicious package. Please upgrade Bower to at least version 1.8.8 if you don't want to get hacked. More info: https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction/

      Changing bower version in _dspace-xmlui-mirage2\src\main\webapp\package.json_ does not have any effect for me.

      My build command is:

      mvn clean package -U -Dmirage2.on=true

       

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            sven.soliman Sven Soliman
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: