From 4733bc7d3bffcc1d44c17fddc00de094847e058d Mon Sep 17 00:00:00 2001 From: Eugenio Romano Date: Fri, 14 Jun 2019 15:57:53 +0100 Subject: [PATCH] add Vulnerability info --- docs/README.md | 4 +++- docs/abn-tree.yml | 1 + docs/vulnerability/README.md | 10 ++++++++++ docs/vulnerability/audit-info-3.3.0.md | 27 ++++++++++++++++++++++++++ 4 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 docs/vulnerability/README.md create mode 100644 docs/vulnerability/audit-info-3.3.0.md diff --git a/docs/README.md b/docs/README.md index 7f37375917..d9b12768df 100644 --- a/docs/README.md +++ b/docs/README.md @@ -34,7 +34,9 @@ A few other pages of information are also available: version of ADF. - The [Roadmap](roadmap.md) contains a preview of features we hope to release in future versions of ADF. -- The [License info](license-info/license-info-v3.0.0.md) section lists the third-party +- The [License info](license-info/README.md) section lists the third-party libraries used by ADF along with links to their Open Source licenses. +- The [Vulnerability](vulnerability/README.md) section lists the third-party + libraries known vulnerability. libraries used by ADF along with links to their Open Source licenses. - The [Breaking changes](breaking-changes/breaking-change-2.6.0-3.0.0.md) section lists all breaking changes between major versions, such as removal of deprecated items. diff --git a/docs/abn-tree.yml b/docs/abn-tree.yml index f3fbf3d3a6..41272c5dd8 100644 --- a/docs/abn-tree.yml +++ b/docs/abn-tree.yml @@ -61,4 +61,5 @@ - compatibility.md: 'Version compatibility' - release-notes: 'Release notes' - upgrade-guide: 'Upgrade Guide' +- vulnerability: 'Vulnerability' - license-info: 'License info' diff --git a/docs/vulnerability/README.md b/docs/vulnerability/README.md new file mode 100644 index 0000000000..5bb99a3228 --- /dev/null +++ b/docs/vulnerability/README.md 
@@ -0,0 +1,10 @@ +--- +Title: Audit information +Github only: true +--- + +# License information + +The pages linked below contain the audit for all third party dependencies of ADF. + +- [ADF v3.3.0](audit-info-3.3.0.md) diff --git a/docs/vulnerability/audit-info-3.3.0.md b/docs/vulnerability/audit-info-3.3.0.md new file mode 100644 index 0000000000..ebf5d68657 --- /dev/null +++ b/docs/vulnerability/audit-info-3.3.0.md @@ -0,0 +1,27 @@ +--- +Title: Audit info, Alfresco Angular components 3.3.0 +--- + +# Audit information for Alfresco Angular components 3.3.0 + +This page lists the npm audit of the project in the version Alfresco Angular components 3.3.0 + +## Risks + +- Critical risk dependencies 0 +- High risk dependencies 0 +- Moderate risk dependencies 4 +- Low risk dependencies 1 + +Dependencies analyzed 64965 + +## Libraries + + +| Severity | Vulnerable versions | Module | +| --- | --- | --- | +|low | "<4.17.5" | lodash | +|moderate | "<4.17.11" | lodash | +|moderate | ">=0.3.14 <0.6.2" | marked | +|moderate | "<0.18.1" | axios | +
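Review bot: In docs/README.md, the new Vulnerability bullet is not a complete sentence, and the continuation line `libraries used by ADF along with links to their Open Source licenses.` appears again directly after `libraries known vulnerability.`, so License info text ends up under the Vulnerability entry. Suggest keeping that continuation only under the License info bullet and rewording the new entry, for example "lists known vulnerabilities in the third-party libraries used by ADF".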
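Review bot: In docs/vulnerability/README.md, the heading `# License information` does not match the front matter `Title: Audit information` or the page body, and looks carried over from the license-info README. Suggest `# Audit information` so the heading agrees with the title and with the 'Vulnerability' entry added to docs/abn-tree.yml.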
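Review bot: In docs/vulnerability/audit-info-3.3.0.md, the Risks summary states 4 moderate risk dependencies, but the Libraries table has only three moderate rows (lodash, marked, axios) plus the one low row (lodash). Either add the missing row or state that one module is counted on more than one dependency path. The table would also be easier to act on with the advisory link, the patched version and the dependency path for each row, and the page should record when the audit was run, since npm audit results change as new advisories are published.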