Skip to content

fix dependency issues #127

Description

@raleigh-g-thompson

Fix known issues reported by npm audit in v0.7.11-SNAPSHOT

brace-expansion 1.0.0 - 1.1.11 || 2.0.0 - 2.0.1
brace-expansion Regular Expression Denial of Service vulnerability - GHSA-v6h2-p8h4-qcjw
brace-expansion Regular Expression Denial of Service vulnerability - GHSA-v6h2-p8h4-qcjw
fix available via npm audit fix
node_modules/@vscode/test-cli/node_modules/brace-expansion
node_modules/brace-expansion
node_modules/mocha/node_modules/brace-expansion

diff 5.0.0 - 5.2.1
jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch - GHSA-73rr-hh4g-fpgx
fix available via npm audit fix
node_modules/diff

form-data 3.0.0 - 3.0.3
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - GHSA-fjxv-7rqg-78g4
fix available via npm audit fix
node_modules/form-data

glob 10.2.0 - 10.4.5
Severity: high
glob CLI: Command injection via -c/--cmd executes matches with shell:true - GHSA-5j98-mcp5-4vw2
fix available via npm audit fix
node_modules/@vscode/test-cli/node_modules/glob

js-yaml 4.0.0 - 4.1.0
Severity: moderate
js-yaml has prototype pollution in merge (<<) - GHSA-mh29-5h37-fv8m
fix available via npm audit fix
node_modules/js-yaml

5 vulnerabilities (2 low, 1 moderate, 1 high, 1 critical)

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    Fields

    No fields configured for Task.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions