Critical vulnerabilities in pkgcloud and swagger-ui

[giovanni-bertoncelli]

I wanted to report some vulnerabilities that should be fixed before this package gets out of LTS.
Here's the list:

• Gravity: high, package: minimatch, path: loopback-component-storage > pkgcloud > liboneandone > mocha > glob > minimatch, patched in: 3.0.2
• Gravity: CRITICAL, package: growl, path: loopback-component-storage > pkgcloud > liboneandone > mocha > growl, patched in: 1.10.2
• Gravity: Low, package: debug, patched in 3.1.0
• Gravity: Moderate, package: swagger-ui, fixed in 3.20
• Gravity: Low, package: minimist, patched in: 1.2.3
• Gravity: High, package: node-forge, patched in 0.10.0

How to reproduce

npm audit will show the vulnerabilities.

[dhmlau]

@giovanni-bertoncelli, thanks for reporting this. Would you like to submit a PR? thanks.

[dhmlau]

@giovanni-bertoncelli, we're also waiting for security fixes in liboneandone (see #285 (comment)).

[giovanni-bertoncelli]

@dhmlau Sorry, I have not so much time to spend on this...

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.