versioneye / versioneye / issues / #383 - concat-stream vulnerabilities not existing anymore — Bitbucket

Issue #383 resolved

Former user created an issue 2017-05-23

These vulnerabilities were not correctly reported by nodesecurity and are removed by them now.

However they are all still marked as vulnerable: https://www.versioneye.com/nodejs/concat-stream/1.5.0

This is long fixed. See for example: https://github.com/maxogden/concat-stream/issues/56

Comments (5)

Robert Reiz
- assigned issue to
  
  Robert Reiz
- 2017-05-24T14:16:15+00:00
Robert Reiz
- changed status to resolved
I just updated our database. Now version 1.6.0 and 1.5.2 are fixed.
- 2017-05-24T14:25:30+00:00
Robert Reiz
See here: https://www.versioneye.com/nodejs/concat-stream/1.6.0
- 2017-05-24T14:25:50+00:00
farhanible
Is this due to the fix? The web-interface is inconsistent and the PDF still shows the vulnerability.
- 2017-05-24T15:12:03+00:00
Robert Reiz
Hi @farhanible. The information in the header contains the summed infos over all your files in the project. As far as I can see from the screenshot your project contains 2 files, the package.json and the yarn.lock file. In the screenshot you are viewing the package.json. I assume that the security vulnerability is in the yarn.lock file. You can either directly click on the "yarn.lock" file in the Files row or click on the "Summary" report.
- 2017-06-02T08:47:23+00:00
Log in to comment

Assignee: Robert Reiz

Type: bug

Priority: minor

Status: resolved

Component: VersionEye-WWW

Milestone: –

Votes: 0

Watchers: None

Jira: the preferred issue tracker for Bitbucket. Join the team!