node-red-web-nodes
node-red-web-nodes copied to clipboard
node-red-node-google depends on vulnerable version of minimatch
Which node are you reporting an issue on?
node-red-node-google
What are the steps to reproduce?
Run npm audit
under ~/.node-red
.
What happens?
$ npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.0.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-node-google │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ node-red-node-google > minimatch │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/118 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 920 scanned packages
1 vulnerability requires manual review. See the full report for details.
What do you expect to happen?
No high severity vulnerabilities found.