line-bot-sdk-nodejs icon indicating copy to clipboard operation
line-bot-sdk-nodejs copied to clipboard

Published 20 hours ago verified publisher icon line

1 moderate severity vulnerability found in the the sdk

Open songpr opened this issue 1 year ago • 0 comments

Bug Report

Describe the bug 1 moderate severity vulnerability

To Reproduce

Steps to reproduce the behavior:

  1. npm audit

Expected behavior no severity found

Screenshots If applicable, add screenshots to help explain your problem.

Environment (please complete the following information):

  • OS: Ubuntu
  • Node 16
  • line-bot-sdk-nodejs 7.5.0

Additional context === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐ │ Manual Review │ │ Some vulnerabilities require your attention to resolve │ │ │ │ Visit https://go.npm.me/audit-guide for additional guidance │ └──────────────────────────────────────────────────────────────────────────────┘ ┌───────────────┬──────────────────────────────────────────────────────────────┐ │ Moderate │ file-type vulnerable to Infinite Loop via malformed MKV file │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ file-type │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=16.5.4 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ @line/bot-sdk │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ @line/bot-sdk > file-type │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://github.com/advisories/GHSA-mhxj-85r3-2x55 │ └───────────────┴──────────────────────────────────────────────────────────────┘ found 1 moderate severity vulnerability in 285 scanned packages 1 vulnerability requires manual review. See the full report for details.

songpr avatar Aug 04 '22 03:08 songpr