You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When installing mjml package, there is a dependency which is causing a moderate vulnerability. (semver, more info here GHSA-c2qf-rxjj-qqgw)
To Reproduce
Steps to reproduce the behavior:
Create a new project using npm npm init
intall mjml npm i mjml
Check the console output
> npm i [email protected]
added 140 packages, and audited 141 packages in 6s
26 packages are looking for funding
run `npm fund` for details
3 moderate severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit` for details.
Execute npm audit and check the console output
> npm audit
# npm audit report
semver <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/semver
editorconfig 0.13.3 - 0.15.3
Depends on vulnerable versions of semver
node_modules/editorconfig
js-beautify >=1.8.0-rc10
Depends on vulnerable versions of editorconfig
node_modules/js-beautify
3 moderate severity vulnerabilities
To address all issues, run:
npm audit fix
Expected behavior
A clear and concise description of what you expected to happen.
MJML environment (please complete the following information):
OS: MacOS
MJML Version <= 4.14.1
MJML tool used: npm
Node version: v16
NPM version: 9.5.1
Additional context npm audit fix is not working
The text was updated successfully, but these errors were encountered:
Describe the bug
When installing mjml package, there is a dependency which is causing a moderate vulnerability. (semver, more info here GHSA-c2qf-rxjj-qqgw)
To Reproduce
Steps to reproduce the behavior:
npm init
npm i mjml
npm audit
and check the console outputExpected behavior
A clear and concise description of what you expected to happen.
MJML environment (please complete the following information):
Additional context
npm audit fix
is not workingThe text was updated successfully, but these errors were encountered: