Fix security alerts #15

Open: wants to merge 4 commits into base: main


@janbehrens (Contributor) commented Dec 20, 2021

Fixes all reported vulnerabilities:

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw

bl  <=1.2.2
Severity: high
Remote Memory Exposure in bl - https://github.com/advisories/GHSA-pp7h-53gx-mx7r
Memory Exposure in bl - https://github.com/advisories/GHSA-wrw9-m778-g6mc

glob-parent  <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6

json-schema  <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw

semver  <4.3.2
Severity: high
Regular Expression Denial of Service in semver - https://github.com/advisories/GHSA-x6fg-f45m-jf5q

Tested with build, test and lint scripts as well as linking into nagini.

@janbehrens added the "dependencies" label (Pull requests that update a dependency file) Dec 20, 2021