Security issue in ps-tree dependency

Question

Security issue in ps-tree dependency

Closed this issue 7 years ago · 5 comments

There's a security vulnerability in event-stream, which is used by ps-tree.
More details here - indexzero/ps-tree#33. Not sure if ps-tree is still being maintained, so it might be a good idea to use an alternative library.

Answer 1 · 2018-11-26T14:37:58.000Z

@cuongluu8 Thank you so much for giving us a heads up regarding the security issue. We have started working on a fix and will release the fix soon.

Answer 2 · 2018-11-26T18:02:32.000Z

@cuongluu8 Thank you for raising this issue, for now we have removed the dependency of ps-tree and released a new version.

Answer 3 · 2018-11-26T18:19:34.000Z

FYI ps-tree@1.1.1 locked to event-stream@3.3.4 (which if I read the thread correctly pre-dates the questionable changes).

Thanks to folks for bringing it to my attention: indexzero/ps-tree#34

Answer 4 · 2018-11-27T10:41:55.000Z

Thanks for raising!

Answer 5 · 2018-11-27T12:19:03.000Z

Released new version 1.3.7 which is locked to ps-tree's version 1.1.1