
Vulnerability warnings: 6 vulnerabilities (3 moderate, 3 high)

Open ddnexus opened this issue 4 years ago • 0 comments

Could this be addressed?

Warning from GitHub:

The latest possible version that can be installed is 1.4.0 because of the following conflicting dependency:
@cypress/[email protected] requires diff@^1.3.2 via a transitive dependency on [email protected]
The earliest fixed version is 3.5.0.

Audit

$ npm audit
# npm audit report

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
No fix available
node_modules/snap-shot-compare/node_modules/ansi-regex
  strip-ansi  4.0.0 - 5.2.0
  Depends on vulnerable versions of ansi-regex
  node_modules/snap-shot-compare/node_modules/strip-ansi
    snap-shot-compare  *
    Depends on vulnerable versions of disparity
    Depends on vulnerable versions of strip-ansi
    node_modules/snap-shot-compare
      @cypress/snapshot  *
      Depends on vulnerable versions of snap-shot-compare
      node_modules/@cypress/snapshot

diff  <3.5.0
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-h6ch-v84p-w6p9
No fix available
node_modules/disparity/node_modules/diff
  disparity  <=2.0.0
  Depends on vulnerable versions of diff
  node_modules/disparity
    snap-shot-compare  *
    Depends on vulnerable versions of disparity
    Depends on vulnerable versions of strip-ansi
    node_modules/snap-shot-compare
      @cypress/snapshot  *
      Depends on vulnerable versions of snap-shot-compare
      node_modules/@cypress/snapshot

6 vulnerabilities (3 moderate, 3 high)

ddnexus Oct 30 '21 01:10