markkauffman2000

Growl in package-lock.json security vulnerability

I’m quite new to Phoenix, and Node.js for that matter. If you can help me and other newcomers with this one that would be great. The issue is that a couple of Phoenix projects I’ve published in GitHub, e.g. mark-b-kauffman/phoenixDSK3LO (phoenixDSK with 3-legged OAuth), are now marked with a security vulnerability having to do with Node, package-json.lock, and growl. I tried npm install, and removing package-json.lock and running npm install again. I still end up with the old, vulnerable, version of growl.

My question is simple - how do I rebuild the node/brunch stuff in a Phoenix project to use newer versions of node, esp. one that doesn’t have that vulnerability? I could start over with a new Phoenix project and copy my code over - but if there is a way to do this in place, that would be best. Please provide a reasonable amount of detail.

Thank you.

Nicd

Looking at your package lock file, it looks like growl is pulled in by loggy that is pulled in by Brunch. That led me to find this issue report where the resolution was to update loggy to a new version that no longer uses growl.

Unfortunately Brunch also depends on deppack that depends on an old version of loggy, so just upgrading Brunch to the latest version may not fix the issue.

Apparently it may be possible to force the usage of a recent version of loggy by using npm shrinkwrap, but I do not know enough about how it works. In future versions, Phoenix is moving away from Brunch to Webpack, which would also solve your problem (and I think there are blog posts already on how to make the switch).
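
As an added example (not part of either post above): a small Node.js script that traces which chain of packages pulls growl into a lock file, so you can confirm whether an upgrade or override actually removed it. It assumes the nested npm lockfile v1 layout; the lock data and version strings are constructed placeholders, and `findChains` is a hypothetical helper name.

```javascript
// Constructed sample in the nested npm lockfile v1 layout; every version
// string is a placeholder, not a real release number.
const sampleLock = {
  dependencies: {
    brunch: { version: "2.0.0-sample", requires: { loggy: "^2.0.0", deppack: "^1.0.0" } },
    loggy: { version: "2.0.0-sample", requires: {} },
    deppack: {
      version: "1.0.0-sample",
      requires: { loggy: "^1.0.0" },
      dependencies: {
        loggy: { version: "1.0.0-sample", requires: { growl: "^1.0.0" } },
        growl: { version: "1.0.0-sample" }
      }
    }
  }
};

// findChains is a hypothetical helper: starting from the direct dependencies
// named in `roots`, follow each package's "requires" and return every chain
// that ends at `target`.
function findChains(lock, roots, target) {
  const chains = [];
  function visit(name, node, scopes, trail) {
    const here = trail.concat(`${name}@${node.version}`);
    if (name === target) { chains.push(here.join(" > ")); return; }
    // A package's own nested "dependencies" shadow the outer levels.
    const inner = node.dependencies ? scopes.concat([node.dependencies]) : scopes;
    for (const dep of Object.keys(node.requires || {})) {
      // Resolve like Node does: nearest enclosing level that holds `dep`.
      for (let i = inner.length - 1; i >= 0; i--) {
        const child = inner[i][dep];
        if (!child) continue;
        // Skip packages already on this chain so cycles terminate.
        if (!here.includes(`${dep}@${child.version}`)) {
          visit(dep, child, inner.slice(0, i + 1), here);
        }
        break;
      }
    }
  }
  const top = lock.dependencies || {};
  for (const root of roots) {
    if (top[root]) visit(root, top[root], [top], []);
  }
  return chains;
}

console.log(findChains(sampleLock, ["brunch"], "growl"));
```

For a real project, pass the parsed contents of the lock file as `lock` and the package names listed in package.json as `roots`; an empty result means no chain from those roots reaches growl.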
