potential bug in the audit.js file #374
Assignees
Labels
bug
Something isn't working
Comments
|
@JakeChampion Thanks for the report! I'll look into it. 👀 |
ybiquitous
added a commit
that referenced
this issue
Apr 9, 2021
ybiquitous
added a commit
that referenced
this issue
Apr 9, 2021
|
The fixed version has been released! 🎉 Thanks a lot for this bug report. 😊 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It looks like the
viafield sometimes contains an array of strings and sometimes an array of objects.Looking at the action's code, it looks to throw an error if the contents of via is not an array of objects:
npm-audit-fix-action/lib/audit.js
Line 28 in 46f8a79
Should the audit.js file be updated to accept an array of strings as well as an array of objects?
Here is a link to the workflow run which triggered the error to happen - https://github.com/Financial-Times/podcast-logos/runs/2301719950?check_suite_focus=true
Below is a copy of the audit report json which triggers the error to happen:
{ "auditReportVersion": 2, "vulnerabilities": { "@financial-times/origami-image-set-tools": { "name": "@financial-times/origami-image-set-tools", "severity": "moderate", "via": [ "semvish" ], "effects": [], "range": ">=1.4.2", "nodes": [ "node_modules/@financial-times/origami-image-set-tools" ], "fixAvailable": { "name": "@financial-times/origami-image-set-tools", "version": "1.4.1", "isSemVerMajor": true } }, "semvish": { "name": "semvish", "severity": "moderate", "via": [ "underscore.string" ], "effects": [ "@financial-times/origami-image-set-tools" ], "range": ">=0.3.0", "nodes": [ "node_modules/semvish" ], "fixAvailable": { "name": "@financial-times/origami-image-set-tools", "version": "1.4.1", "isSemVerMajor": true } }, "underscore.string": { "name": "underscore.string", "severity": "moderate", "via": [ { "source": 745, "name": "underscore.string", "dependency": "underscore.string", "title": "Regular Expression Denial of Service", "url": "npmjs.com/advisories/745", "severity": "moderate", "range": "<=3.3.4" } ], "effects": [ "semvish" ], "range": "<=3.3.4", "nodes": [ "node_modules/underscore.string" ], "fixAvailable": { "name": "@financial-times/origami-image-set-tools", "version": "1.4.1", "isSemVerMajor": true } } }, "metadata": { "vulnerabilities": { "info": 0, "low": 0, "moderate": 3, "high": 0, "critical": 0, "total": 3 }, "dependencies": { "prod": 1, "dev": 617, "optional": 0, "peer": 0, "peerOptional": 0, "total": 617 } } }The text was updated successfully, but these errors were encountered: