Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 29 vulnerabilities #6

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Fix for 29 vulnerabilities #6

wants to merge 1 commit into from

Conversation

yeromero
Copy link
Owner

@yeromero yeromero commented Oct 6, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 429/1000
Why? Has a fix available, CVSS 4.3		 Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088		 Yes No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-JQUERY-174006		 Yes Proof of Concept
medium severity 701/1000
Why? Mature exploit, Has a fix available, CVSS 6.3		 Cross-site Scripting (XSS)
SNYK-JS-JQUERY-565129		 Yes Mature
medium severity 711/1000
Why? Mature exploit, Has a fix available, CVSS 6.5		 Cross-site Scripting (XSS)
SNYK-JS-JQUERY-567880		 Yes Mature
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-174116		 No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082		 Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-451540		 No No Known Exploit
medium severity 520/1000
Why? Has a fix available, CVSS 5.9		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-584281		 Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Prototype Poisoning
SNYK-JS-QS-3153490		 No Proof of Concept
high severity 801/1000
Why? Mature exploit, Has a fix available, CVSS 8.3		 Prototype Pollution
SNYK-JS-TYPEORM-590152		 No Mature
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251		 No No Known Exploit
medium severity 596/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.5		 Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090599		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090600		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090601		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090602		 No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Prototype Pollution
SNYK-JS-XML2JS-5414874		 No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-Y18N-1021887		 Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 Yes Proof of Concept
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 Cross-site Scripting (XSS)
npm:jquery:20150627		 Yes No Known Exploit
medium severity 469/1000
Why? Has a fix available, CVSS 5.1		 Denial of Service (DoS)
npm:mem:20180117		 Yes No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:mime:20170907		 Yes No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		 Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
npm:negotiator:20160616		 Yes No Known Exploit
high severity 756/1000
Why? Mature exploit, Has a fix available, CVSS 7.4		 Uninitialized Memory Exposure
npm:npmconf:20180512		 Yes Mature
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Prototype Override Protection Bypass
npm:qs:20170213		 No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
npm:semver:20150403		 Yes No Known Exploit
medium severity 644/1000
Why? Mature exploit, Has a fix available, CVSS 4.3		 Open Redirect
npm:st:20171013		 Yes Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: body-parser The new version differs by 250 commits.

See the full diff

Package name: cfenv The new version differs by 3 commits.
  • fb0a2aa update dependencies, now at version 1.2.4
  • 63e072a version 1.2.3
  • 02bb92d Issue 45 Remove '.cfignore'

See the full diff

Package name: errorhandler The new version differs by 85 commits.

See the full diff

Package name: express The new version differs by 250 commits.
  • 3d7fce5 4.17.3
  • f906371 build: update example dependencies
  • 6381bc6 deps: qs@6.9.7
  • a007863 deps: body-parser@1.19.2
  • e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
  • a659137 tests: use strict mode
  • a39e409 tests: prevent leaking changes to NODE_ENV
  • 82de4de examples: fix path traversal in downloads example
  • 12310c5 build: use nyc for test coverage
  • 884657d examples: remove bitwise syntax for includes check
  • 7511d08 build: use minimatch@3.0.4 for Node.js < 4
  • 2585f20 tests: fix test missing assertion
  • 9d09762 build: supertest@6.2.2
  • 43cc56e build: clean up gitignore
  • 1c7bbcc build: Node.js@14.19
  • 9cbbc8a deps: cookie@0.4.2
  • 6fbc269 pref: remove unnecessary regexp for trust proxy
  • 2bc734a deps: accepts@~1.3.8
  • 89bb531 docs: fix typo in res.download jsdoc
  • 744564f tests: add test for multiple ips in "trust proxy"
  • da6cb0e tests: add range tests to res.download
  • 00ad5be tests: add more tests for app.request & app.response
  • 141914e tests: fix tests that did not bubble errors
  • bd4fdfe tests: remove global dependency on should

See the full diff

Package name: hbs The new version differs by 107 commits.

See the full diff

Package name: marked The new version differs by 250 commits.
  • ae01170 chore(release): 4.0.10 [skip ci]
  • fceda57 🗜️ build [skip ci]
  • 8f80657 fix(security): fix redos vulnerabilities
  • c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
  • d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
  • 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
  • 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
  • 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 (#2353)
  • ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
  • e5171a9 chore(release): 4.0.9 [skip ci]
  • 41990a5 🗜️ build [skip ci]
  • a9696e2 fix: retain line breaks in tokens properly (#2341)
  • 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (#2343)
  • 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 (#2344)
  • 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (#2345)
  • 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (#2346)
  • 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (#2347)
  • 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (#2338)
  • 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 (#2333)
  • be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (#2334)
  • 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 (#2335)
  • 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (#2336)
  • 59375fb chore(release): 4.0.8 [skip ci]
  • 4734c82 🗜️ build [skip ci]

See the full diff

Package name: ms The new version differs by 19 commits.

See the full diff

Package name: st The new version differs by 32 commits.
  • 0e87caf 1.2.2
  • 579960c improved traversal detection & location redirect
  • ae7b676 1.2.1
  • 5744d49 update deps
  • 473a344 update mime dependency to avoid ReDoS vulnerability
  • 2a5f970 1.2.0
  • fad0367 update deps
  • 67a521e Test command-line switches, --host in particular
  • 128c6fd Introduce -localhost resp. -l abbreviation
  • cc20690 Make the host configurable
  • 9cc1709 Report actual address we're listening on
  • 70b0a48 Configure Travis CI
  • f32cf97 1.1.0
  • fb0a246 update deps
  • d91af76 updated README
  • 6b78b33 added mount url as command line option
  • 770a6d7 updated README about CORS
  • a8f66c0 added basic CORS functionality with tests
  • cdfdb48 1.0.0
  • 95871e2 only consider url path for dotted files w/dot option
  • 54f6119 0.5.5
  • bfbc549 update deps
  • 16c5fe2 Fix "no cache" resolution
  • db7e743 Added test for a parent path This test ensures that a '..' path is allowed in the `path` option Also removed stray console.error

See the full diff

Package name: tap The new version differs by 250 commits.
  • bc49fb7 15.0.0
  • 4378608 remove publishConfig beta tag
  • 2c2e75f provide mkdirRecursive polyfill for old node versions
  • 8f4c855 correctly specify 10.0.x versions
  • 5e61672 update deps
  • c44c418 Support 10.0 and test in CI
  • dc5c841 tcompare@5.0.4
  • 385b6d2 Add .taprc.yml/yaml handling to change log
  • 4f87466 just run regular test script as snap script
  • 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
  • 564e96f Add detection for .yaml and .yml
  • 75bae93 update cli doc
  • c1289bf 15.0.0-3
  • d6fe32f Do not CI on node 10
  • d2e0428 do not use equals() alias in self-test
  • 3f787c4 tell npm to be colorful in CI
  • 1512818 run tests with color on github actions
  • 4626fa1 Docs: update documentation for tap v15
  • 02d536b libtap@1.0.1
  • f7c7c58 update cli doc
  • 2aa497c 15.0.0-2
  • 8d7f62e Add support for overriding libtap's internal settings
  • 29eed63 new snapshot folder layout
  • 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Package name: validator The new version differs by 114 commits.
  • 47ee5ad 13.7.0
  • 496fc8b fix(rtrim): remove regex to prevent ReDOS attack (#1738)
  • 45901ec Merge pull request #1851 from validatorjs/chore/fix-merge-conflicts
  • 83cb7f8 chore: merge conflict clean-up
  • f17e220 feat(isMobilePhone): add El Salvador es-SV locale
  • 5b06703 feat(isMobilePhone): add Palestine ar-PS locale
  • a3faa83 feat(isMobilePhone): add Botswana en-BW locale
  • 26605f9 feat(isMobilePhone): add Turkmenistan tk-TM
  • 0e5d5d4 feat(isMobilePhone): add Guyana en-GY locale
  • f7ff349 feat(isMobilePhone): add Frech Polynesia fr-PF locale
  • 8627e48 feat(isMobilePhone): add Kiribati en-KI locale
  • ed60123 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
  • c96d805 feat(isMobilePhone): add Maldives dv-MV locale
  • 5c2d69e feat(isMobilePhone): regex for Burkina Faso fr-BF and Namibia en-NA locales
  • fc0fefc feat(isMobilePhone): add Bhutan dz-BT locale (#1770)
  • 01d3da3 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
  • af2b43c feat(isUUID): add support for validation of version v1 and v2 (#1848)
  • 769f6d5 feat(contains): add possibility to check that string contains seed multiple times (#1836)
  • f2381e0 feat: (isMobilePhone): add Cameroon fr-CM locale (#1772)
  • 5773869 feat(isVAT): add dutch NL locale (#1825)
  • de1cb29 fix: Russian passport number regex (#1810)
  • 7bee611 add CDN use option with unpkg (#1844)
  • 57cc14e feat(isIdentityCard): add finnish locale (#1838)
  • 2201869 feat: added finnish locale to isAlpha and isAlphanumeric (#1837)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Cross-site Scripting (XSS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: package.json to reduce vulnerabilities
f89e777 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
- https://snyk.io/vuln/SNYK-JS-JQUERY-567880
- https://snyk.io/vuln/SNYK-JS-MARKED-174116
- https://snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://snyk.io/vuln/SNYK-JS-MARKED-451540
- https://snyk.io/vuln/SNYK-JS-MARKED-584281
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-TYPEORM-590152
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602
- https://snyk.io/vuln/SNYK-JS-XML2JS-5414874
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:jquery:20150627
- https://snyk.io/vuln/npm:mem:20180117
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:npmconf:20180512
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:semver:20150403
- https://snyk.io/vuln/npm:st:20171013
bridgecrew[bot]
bridgecrew bot reviewed Oct 6, 2023
View reviewed changes
Copy link

@bridgecrew bridgecrew bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bridgecrew has found errors in this PR ⬇️

package.json
@@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mongoose 4.2.4 / package.json

Total vulnerabilities: 5

Critical: 3 High: 1 Medium: 1 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2022-2564 CRITICAL CRITICAL 9.8 6.4.6 Open
CVE-2019-17426 CRITICAL CRITICAL 9.1 - Open
CVE-2023-3696 CRITICAL CRITICAL 9.8 5.13.20 Open
PRISMA-2021-0067 HIGH HIGH - 5.12.2 Open
GHSA-r5xw-q988-826m MEDIUM MEDIUM 5.1 4.3.6 Open

package.json
@@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lodash 4.17.4 / package.json

Total vulnerabilities: 7

Critical: 1 High: 2 Medium: 4 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2019-10744 CRITICAL CRITICAL 9.1 4.17.12 Open
CVE-2021-23337 HIGH HIGH 7.2 4.17.21 Open
CVE-2020-8203 HIGH HIGH 7.4 4.17.20 Open
CVE-2020-28500 MEDIUM MEDIUM 5.3 4.17.21 Open
CVE-2019-1010266 MEDIUM MEDIUM 6.5 4.17.11 Open
CVE-2018-3721 MEDIUM MEDIUM 6.5 4.17.5 Open
CVE-2018-16487 MEDIUM MEDIUM 5.6 4.17.11 Open

package.json
@@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

file-type 8.1.0 / package.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2022-36313 MEDIUM MEDIUM 5.5 16.5.4 Open

package.json
@@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

adm-zip 0.4.7 / package.json

Total vulnerabilities: 2

Critical: 0 High: 1 Medium: 1 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
PRISMA-2021-0034 HIGH HIGH - 0.5.3 Open
CVE-2018-1002204 MEDIUM MEDIUM 5.5 0.4.9 Open

package.json
@@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

dustjs-linkedin 2.5.0 / package.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2021-4264 HIGH HIGH 8.8 3.0.0 Open

package.json
@@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hbs 4.1.2 / package.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2021-32822 MEDIUM MEDIUM 4 - Open

package.json
@@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

moment 2.15.1 / package.json

Total vulnerabilities: 2

Critical: 0 High: 2 Medium: 0 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2022-24785 HIGH HIGH 7.5 2.29.2 Open
CVE-2017-18214 HIGH HIGH 7.5 2.19.3 Open

package.json
@@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ejs 1.0.0 / package.json

Total vulnerabilities: 3

Critical: 1 High: 1 Medium: 1 Low: 0
Vulnerability IDSeverityCVSSFixed inStatus
CVE-2017-1000228 CRITICAL CRITICAL 9.8 2.5.5 Open
CVE-2017-1000189 HIGH HIGH 7.5 2.5.5 Open
CVE-2017-1000188 MEDIUM MEDIUM 6.1 2.5.5 Open

package.json
@@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ejs 1.0.0 / package.json

LOW  Unknown License (NOT_FOUND)

This package use a non-SPDX, unrecognized, or private open-source license. Ensure this package is compliant.

package.json
@@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ejs-locals 1.0.2 / package.json

LOW  Unknown License (NOT_FOUND)

This package use a non-SPDX, unrecognized, or private open-source license. Ensure this package is compliant.

yeromero
yeromero commented Oct 6, 2023
View reviewed changes
Copy link
Owner Author

@yeromero yeromero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridgecrew bridgecrew[bot] bridgecrew[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yeromero @snyk-bot