
caravaggio - npm Package Compare versions

Comparing version 2.2.2 to 2.3.0

7

.eslintrc.json

@@ -5,4 +5,7 @@ {

"rules": {
"no-nested-ternary": 0
"no-nested-ternary": 0,
"no-multiple-empty-lines": ["error",
{ "max": 2, "maxEOF": 1 }
]
}
}
}
# Changelog
## 2.3.0
- Dependencies security updates
## 2.2.2

@@ -4,0 +9,0 @@

@@ -1,2 +0,1 @@

[{"type":"issue","check_name":"Vulnerable module \"tough-cookie\" identified","description":"`tough-cookie` Regular Expression Denial of Service","categories":["Security"],"remediation_points":300000,"content":{"body":"# Regular Expression Denial of Service\n## Overview:\nThe tough-cookie module is vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds.\n\nUnless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb so the impact of the ReDoS is limited to around 7.3 seconds of blocking.\n\nAt the time of writing all version \u003c=2.3.2 are vulnerable\n\n## Recommendation:\nPlease update to version 2.3.3 or greater"},"location":{"path":"package-lock.json","lines":{"begin":3251,"end":3258}},"engine_name":"nodesecurity","fingerprint":"4cdf86fa345ebf706041609832e5a167","severity":"minor"},
{"type":"issue","check_name":"Vulnerable module \"debug\" identified","description":"`debug` Regular Expression Denial of Service","categories":["Security"],"remediation_points":300000,"content":{"body":"# Regular Expression Denial of Service\n## Overview:\nThe debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.\n\n## Recommendation:\nUpgrade to version 2.6.9 or greater if you are on the 2.6.x series or 3.1.0 or greater."},"location":{"path":"package-lock.json","lines":{"begin":2600,"end":2607}},"engine_name":"nodesecurity","fingerprint":"82f98b1c73a1bd2659e5d0a968d287a5","severity":"minor"}]
[]

@@ -13,4 +13,5 @@

level: 'debug',
pretty: true,
},
};
module.exports = {
logger: {
level: 'fatal',
stream: 'stdout',
},

@@ -6,0 +5,0 @@ defaultTransformations: [],

{
"name": "caravaggio",
"version": "2.2.2",
"version": "2.3.0",
"description": "A blazing fast image processor service",

@@ -10,3 +10,3 @@ "main": "index.js",

"now-start": "bin/caravaggio --cache memory",
"dev": "NODE_ENV=development micro-dev -p 3001 src/ -s | pino",
"dev": "NODE_ENV=development micro-dev -p 3001 src/ -s",
"test": "npm run lint && npm run test-only -- --coverage --colors=false",

@@ -36,4 +36,4 @@ "test-only": "NODE_ENV=test ALLOW_CONFIG_MUTATIONS=true jest",

"dependencies": {
"config": "^1.30.0",
"fs-extra": "^6.0.0",
"config": "2.0.1",
"fs-extra": "7.0.0",
"md5": "^2.2.1",

@@ -44,14 +44,15 @@ "micro": "^9.3.0",

"node-fetch": "^2.1.2",
"pino": "^4.16.1",
"pino": "^5.4.0",
"sharp": "^0.20.2",
"yargs": "^11.0.0"
"yargs": "12.0.1"
},
"devDependencies": {
"eslint": "^4.19.1",
"eslint-config-airbnb-base": "^12.1.0",
"eslint": "^5.4.0",
"eslint-config-airbnb-base": "^13.1.0",
"eslint-import-resolver-jest": "^2.1.1",
"eslint-plugin-import": "^2.11.0",
"eslint-plugin-jest": "^21.15.1",
"jest": "^22.4.3",
"micro-dev": "^2.2.2",
"jest": "^23.5.0",
"micro-dev": "3.0.0",
"pino-pretty": "^2.0.1",
"request-promise": "^4.2.2",

@@ -65,5 +66,3 @@ "test-listen": "^1.1.0"

"coverageReporters": [
"json",
"lcov",
"text",
"text-summary",
"html"

@@ -82,4 +81,8 @@ ],

"pkg": {
"assets": "config/**/*"
"assets": [
"config/**/*",
"static/**/*",
"node_modules/config/**/*.*"
]
}
}
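Review bot: The `dependencies` hunk switches `config`, `fs-extra` and `yargs` to exact versions while `pino`, `md5`, `node-fetch` and `sharp` keep caret ranges, and the manifest does not say which policy is intended. For a published package the ranges in this file decide what consumers resolve, so an exact pin means a patched `yargs` or `config` reaches users only through a new caravaggio release, while the caret entries float to whatever is current at install time. Pick one policy and apply it throughout, e.g. `"config": "^2.0.1"`, `"fs-extra": "^7.0.0"`, `"yargs": "^12.0.1"` if ranges are meant. Separately, the two advisories in the scan report that this comparison appears to empty (`tough-cookie`, `debug`) pointed at `package-lock.json`, and neither module is a direct dependency here. It is worth confirming in the lockfile that the resolved versions are at least `tough-cookie` 2.3.3 and `debug` 2.6.9 (or 3.1.0) before describing the release as a security update.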

Sorry, the diff of this file is not supported yet
