=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance

Critical Command Injection
Package growl
Patched in >=1.10.2
Dependency of pkgcloud
Path pkgcloud > liboneandone > mocha > growl
More info https://nodesecurity.io/advisories/146

Moderate Out-of-bounds Read
Package base64url
Patched in >=3.0.0
Dependency of pkgcloud
Path pkgcloud > gcloud > gapitoken > jws > base64url
More info https://nodesecurity.io/advisories/658

Moderate Out-of-bounds Read
Package base64url
Patched in >=3.0.0
Dependency of pkgcloud
Path pkgcloud > gcloud > gapitoken > jws > jwa > base64url
More info https://nodesecurity.io/advisories/658

High Regular Expression Denial of Service
Package minimatch
Patched in >=3.0.2
Dependency of pkgcloud
Path pkgcloud > liboneandone > mocha > glob > minimatch
More info https://nodesecurity.io/advisories/118

Moderate Denial of Service
Package protobufjs
Patched in >=5.0.3 < 6.0.0 || >=6.8.6
Dependency of pkgcloud
Path pkgcloud > gcloud > protobufjs
More info https://nodesecurity.io/advisories/605

Low Regular Expression Denial of Service
Package debug
Patched in >= 2.6.9 < 3.0.0 || >= 3.1.0
Dependency of pkgcloud
Path pkgcloud > liboneandone > mocha > debug
More info https://nodesecurity.io/advisories/534
It seems that gcloud is deprecated and replaced with google-cloud.
It seems like liboneandone hasn't been updated in 4 months and pkgcloud already uses the latest current version.