Security updates to fix active vulnerabilities

Open mkmurali opened this issue 2 years ago • 1 comments

Fixes security vulnerabilities.

# npm audit report

ansi-html  <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ansi-html
  documentation  4.0.0-beta - 13.2.5
  Depends on vulnerable versions of ansi-html
  Depends on vulnerable versions of vinyl-fs
  node_modules/documentation

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/glob-stream/node_modules/glob-parent
  glob-stream  5.3.0 - 6.1.0
  Depends on vulnerable versions of glob-parent
  node_modules/glob-stream
    vinyl-fs  >=2.4.2
    Depends on vulnerable versions of glob-stream
    node_modules/vinyl-fs
      documentation  4.0.0-beta - 13.2.5
      Depends on vulnerable versions of ansi-html
      Depends on vulnerable versions of vinyl-fs
      node_modules/documentation

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix`
node_modules/got

parse-path  <5.0.0
Severity: high
Authorization Bypass in parse-path - https://github.com/advisories/GHSA-3j8f-xvm3-ffx4
fix available via `npm audit fix`
node_modules/parse-path
  parse-url  <=6.0.5
  Depends on vulnerable versions of parse-path
  node_modules/parse-url

parse-url  <=6.0.5
Severity: high
Cross site scripting in parse-url - https://github.com/advisories/GHSA-q6wq-5p59-983w
Depends on vulnerable versions of parse-path
fix available via `npm audit fix`
node_modules/parse-url

8 vulnerabilities (1 moderate, 7 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

With this update

found 0 vulnerabilities

mkmurali, Sep 12 '22 20:09

Thanks for taking the time to work on this. Please fix the test failure!

NivedhaSenthil, Sep 14 '22 07:09

@NivedhaSenthil I think this PR can be closed now that #2663 is merged; this is now obsolete.

marques-work, Nov 30 '22 02:11