
Security advice semver

Open xuelink opened this issue 1 year ago • 2 comments

$ npm audit

# npm audit report
semver  7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/simple-update-notifier/node_modules/semver
  simple-update-notifier  1.0.7 - 1.1.0
  Depends on vulnerable versions of semver
  node_modules/simple-update-notifier
    nodemon  2.0.19 - 2.0.22
    Depends on vulnerable versions of simple-update-notifier
    node_modules/@trapezedev/project/node_modules/nodemon

3 moderate severity vulnerabilities

$ npm ls simple-update-notifier
[email protected] /Users/xl/Developer/x/x
└─┬ @capacitor/[email protected]
  └─┬ @trapezedev/[email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └── [email protected]

xuelink • Jan 27 '24 11:01

This seems to be dependent on https://github.com/ionic-team/trapeze/issues/200

AntiGuideAkquinet • Apr 26 '24 06:04

Could an additional override not be specified here to fix this?

yndajas • Jul 10 '24 11:07
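
Added example, not part of the issue thread or the project's code: a dependency-free Node.js script that walks a tree in the shape `npm ls --all --json` prints and lists every path ending at a `semver` copy inside the advisory range 7.0.0 - 7.5.1, plus the direct parent an npm `overrides` entry would be scoped to. The tree and all version numbers in it are constructed sample data, and the helper names are hypothetical.

```javascript
// Added example: find dependency paths that end at a semver version inside
// the range reported by `npm audit` (7.0.0 - 7.5.1).
// sampleTree is constructed; its version numbers are assumptions, not the reporter's.
const VULN = { name: "semver", min: "7.0.0", max: "7.5.1" };

const sampleTree = {
  name: "app", version: "1.0.0",
  dependencies: {
    "@capacitor/assets": { version: "3.0.0", dependencies: {
      "@trapezedev/project": { version: "7.0.0", dependencies: {
        nodemon: { version: "2.0.22", dependencies: {
          "simple-update-notifier": { version: "1.1.0", dependencies: {
            semver: { version: "7.0.0" } } },
          semver: { version: "5.7.2" } } },
      } },
    } },
    semver: { version: "7.6.0" },
  },
};

// Compare two x.y.z versions; returns <0, 0 or >0. Prerelease tags are ignored.
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

function inRange(v, r) { return cmp(v, r.min) >= 0 && cmp(v, r.max) <= 0; }

// Depth-first walk; returns one array of "name@version" strings per vulnerable copy.
function findVulnerablePaths(node, name, trail = []) {
  const here = [...trail, `${name}@${node.version}`];
  const hits = name === VULN.name && inRange(node.version, VULN) ? [here] : [];
  for (const [dep, child] of Object.entries(node.dependencies || {})) {
    hits.push(...findVulnerablePaths(child, dep, here));
  }
  return hits;
}

// Direct parent of each hit (version suffix stripped), de-duplicated.
function overrideParents(paths) {
  const parents = paths.filter(p => p.length > 1)
    .map(p => p[p.length - 2].replace(/@[^@]+$/, ""));
  return [...new Set(parents)];
}

const paths = findVulnerablePaths(sampleTree, sampleTree.name);
for (const p of paths) console.log(p.join(" > "));
console.log("override candidates:", overrideParents(paths));
```

To run it against a real project, replace `sampleTree` with the parsed output of `npm ls --all --json`.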