Fix security issue in developer tools breaking the build #784

tanx · 2018-11-09T17:31:50Z

The build is currently breaking due to a vuln in our development tools: https://travis-ci.org/lightninglabs/lightning-app/jobs/452958355#L857-L871

=== npm audit security report ===                        
                                                                                
# Run  npm install [email protected]  to resolve 1 vulnerability
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Missing Origin Validation                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ webpack-dev-server                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-scripts                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-scripts > webpack-dev-server                           │
├───────────────┼─���────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/725                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

The text was updated successfully, but these errors were encountered:

valentinewallace · 2018-11-10T02:47:58Z

I think this is new problem, hopefully this stack overflow question gets traction.

tanx · 2018-11-12T12:23:05Z

I tried to resolve the issue. But we'd have to upgrade to [email protected] and that breaks the build. Haven't been able to get it to work yet. I created an issue here facebook/create-react-app#5777

Waseemrajashaik · 2019-01-01T15:01:29Z

solution for this issue please ???

tanx · 2019-01-10T04:45:08Z

The vulnerability is apparently that an adversary could see your source code when running webpack-dev-server. For an open source project like ours not a critical issue. But we'll definitely fix this when we upgrade create-react-app..

Waseemrajashaik · 2019-01-17T10:13:24Z

Thanks, @tanx. waiting for the fix 😄

tanx added security build show stopper labels Nov 9, 2018

tanx mentioned this issue Nov 9, 2018

Auth mobile #783

Merged

tanx removed the show stopper label Nov 9, 2018

tanx self-assigned this Jan 30, 2019

tanx assigned tanx and unassigned tanx Mar 12, 2019

tanx added the mainnet label Mar 19, 2019

tanx mentioned this issue Apr 2, 2019

Upgrade npm deps #1040

Merged

tanx closed this as completed in #1040 Apr 8, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix security issue in developer tools breaking the build #784

Fix security issue in developer tools breaking the build #784

tanx commented Nov 9, 2018

valentinewallace commented Nov 10, 2018

tanx commented Nov 12, 2018

Waseemrajashaik commented Jan 1, 2019

tanx commented Jan 10, 2019

Waseemrajashaik commented Jan 17, 2019

Fix security issue in developer tools breaking the build #784

Fix security issue in developer tools breaking the build #784

Comments

tanx commented Nov 9, 2018

valentinewallace commented Nov 10, 2018

tanx commented Nov 12, 2018

Waseemrajashaik commented Jan 1, 2019

tanx commented Jan 10, 2019

Waseemrajashaik commented Jan 17, 2019