build: run npm audit fix #381

Merged: abmusse merged 1 commit into master from update-deps-10-2023 on Oct 10, 2023

abmusse commented Oct 9, 2023

Pulled down the latest main branch and ran `npm audit`:

```sh
$ npm audit

get-func-name  <2.0.1
Severity: high
Chaijs/get-func-name vulnerable to ReDoS - https://github.com/advisories/GHSA-4q6p-r6v2-jvc5
fix available via `npm audit fix`
node_modules/get-func-name

json5  <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

semver  6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@release-it/conventional-changelog/node_modules/semver
node_modules/eslint-config-airbnb-base/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/semver
  @release-it/conventional-changelog  5.1.1 - 7.0.0
  Depends on vulnerable versions of semver
  node_modules/@release-it/conventional-changelog

4 vulnerabilities (2 moderate, 2 high)
```

After running `npm audit fix` there are 0 vulnerabilities.

abmusse requested a review from kadler October 9, 2023 22:26
abmusse merged commit cea6154 into master Oct 10, 2023
abmusse deleted the update-deps-10-2023 branch October 10, 2023 16:50