Skip to content
This repository has been archived by the owner on Oct 17, 2023. It is now read-only.

npm audit reports multiple security vulnerabilities #100

Open
unigazer opened this issue Oct 8, 2021 · 0 comments
Open

npm audit reports multiple security vulnerabilities #100

unigazer opened this issue Oct 8, 2021 · 0 comments
Labels
legacy Related to legacy, non-OpenAPI SDK

Comments

@unigazer
Copy link

unigazer commented Oct 8, 2021

Found 16 vulnerabilities within 831 dependencies.

Critical High Moderate Low Info
0 10 6 0 0

Known vulnerabilities:

Name Package name Severity CVEs Recommendation
Inefficient Regular Expression Complexity in chalk/ansi-regex ansi-regex moderate CWE-918, CVE-2021-3807 Upgrade to version 5.0.1 or later
Prototype Pollution in set-value set-value high CWE-843, CVE-2021-23440 Upgrade to version 4.0.1 or later

Recommended actions:

Package Action Target version Major update What to do
ansi-regex update 5.0.1 npm update ansi-regex --depth 4
ansi-regex review Manual review
set-value review Manual review

It seems that most of them are coming from hellosign-sdk > expect
@jtreminio-dropbox jtreminio-dropbox added the legacy Related to legacy, non-OpenAPI SDK label Mar 30, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
legacy Related to legacy, non-OpenAPI SDK
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@unigazer @jtreminio-dropbox