
NPM complaining about this old version of diff

Open j1000 opened this issue 3 years ago • 2 comments

https://github.com/cypress-io/snapshot/blob/2678cd27cbb5e8509efb8ebc100cccb49c847a37/package-lock.json#L2114-L2115

I'm relatively new to NPM but I believe it's complaining about a "high" vulnerability with this dependency.

                       === npm audit security report ===                        


                                 Manual Review                                  
             Some vulnerabilities require your attention to resolve             
                                                                                
          Visit https://go.npm.me/audit-guide for additional guidance           


  High            Regular Expression Denial of Service                          

  Package         diff                                                          

  Patched in      >= 3.5.0                                                      

  Dependency of   @cypress/snapshot [dev]                                       

  Path            @cypress/snapshot > snap-shot-compare > disparity > diff      

  More info       https://npmjs.com/advisories/1631                             

found 1 high severity vulnerability in 558 scanned packages
  1 vulnerability requires manual review. See the full report for details.

j1000, Mar 02 '21 15:03

PR #125

egrubbs, May 03 '21 15:05

PR #125

The PR is merged, but it's not published to https://www.npmjs.com/package/@cypress/snapshot yet.

eltonlauhk01, Jun 04 '21 03:06
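
A way to confirm whether a lockfile still pins a copy of `diff` below the "Patched in >= 3.5.0" floor from the audit report above, for example after upgrading to a release that contains the merged fix. This is an added example, not code from the thread or from the @cypress/snapshot project; the function names and the sample lockfile are constructed for illustration. For a version 1 lockfile the reported location is where the package sits in the installed tree, which can differ from the "Path" that npm audit prints.

```javascript
// Added example (not project code): flag copies of "diff" below the report's patched version.
const PATCHED = [3, 5, 0]; // from the report's "Patched in" line
// Parse "x.y.z" (ignoring prerelease/build suffixes) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isBelow(version, floor) {
  const parts = parseVersion(version);
  if (!parts) return true; // unparseable (git URL, tarball): flag for manual review
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== floor[i]) return parts[i] < floor[i];
  }
  return false;
}

// Returns [{ location, version }] for every copy of `name` below `floor`.
function findVulnerable(lock, name = 'diff', floor = PATCHED) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
  for (const [loc, pkg] of Object.entries(lock.packages || {})) {
    if (loc.split('node_modules/').pop() === name && isBelow(pkg.version, floor)) {
      hits.push({ location: loc, version: pkg.version });
    }
  }
  if (lock.packages) return hits;
  // lockfileVersion 1: nested "dependencies" tree.
  (function walk(deps, trail) {
    for (const [dep, info] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name && isBelow(info.version, floor)) {
        hits.push({ location: here.join(' > '), version: info.version });
      }
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (v1 layout); all version numbers are illustrative.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    disparity: { version: '2.0.0', dependencies: { diff: { version: '1.4.0' } } },
    mocha: { version: '8.0.0', dependencies: { diff: { version: '4.0.2' } } },
  },
};
console.log(findVulnerable(sampleLock));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.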