DSpace / DS-4162

Bower version 1.7.9 has SECURITY BUG

    Details

    • Type: Task
    • Status: Code Review Needed
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 6.3
    • Fix Version/s: None
    • Component/s: XMLUI
    • Labels:
      None
    • Attachments:
      0
    • Comments:
      1
    • Documentation Status:
      Needed

      Description

      When building XMLUI-Mirage2 I get a message:

      [WARNING] npm WARN deprecated bower@1.7.9: This Bower version has SECURITY BUG THAT ALLOWS TO WRITE TO ARBITRARY FILE ON YOUR COMPUTER when you install malicious package. Please upgrade Bower to at least version 1.8.8 if you don't want to get hacked. More info: https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction/

      Changing bower version in _dspace-xmlui-mirage2\src\main\webapp\package.json_ does not have any effect for me.

      My build command is:

      mvn clean package -U -Dmirage2.on=true

       

       


            People

            • Assignee:
              Unassigned
            • Reporter:
              sven.soliman Sven Soliman
            • Votes:
              0
            • Watchers:
              1
