
Has high severity vulnerabilities

Open: NagayamaToshiaki opened this issue 8 months ago • 1 comment

I installed CodeceptJS at latest, then Node.js showed it has vulnerabilities. I audited and the result is:

# npm audit report

cross-spawn  <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/child-process-promise/node_modules/cross-spawn
  child-process-promise  >=2.2.0
  Depends on vulnerable versions of cross-spawn
  node_modules/child-process-promise
    detox  >=4.1.1
    Depends on vulnerable versions of child-process-promise
    node_modules/detox
      @codeceptjs/detox-helper  *
      Depends on vulnerable versions of detox
      node_modules/@codeceptjs/detox-helper
        codeceptjs  2.2.1 || 3.5.1-2.beta.7 || >=3.5.10
        Depends on vulnerable versions of @codeceptjs/detox-helper
        node_modules/codeceptjs

NagayamaToshiaki, Feb 25 '25 06:02