Akryum / vue-cli-plugin-apollo

🚀 @vue/cli plugin for Vue Apollo
https://vue-cli-plugin-apollo.netlify.com/

Moderate vulnerability: Regular Expression Denial of Service #605

Open YahangWu opened 3 years ago

YahangWu commented 3 years ago

How to reproduce: npm audit

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ws                                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.2.3 <6.0.0 || >=6.2.2 <7.0.0 || >=7.4.6                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ vue-cli-plugin-apollo                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ vue-cli-plugin-apollo > graphql-tools >                      │
│               │ @graphql-tools/url-loader > ws                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1748                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

Fix: upgrade ws to version 5.2.3, 6.2.2, or 7.4.6 or later by running `npm install graphql-tools@8.2.0`

Vulnerability reference: https://www.npmjs.com/advisories/1748
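The advisory table above gives the patched ranges for ws as `>=5.2.3 <6.0.0 || >=6.2.2 <7.0.0 || >=7.4.6`, and the fix only helps if every copy of ws that npm hoists or nests under `node_modules` lands inside one of them. The following is an added example, not code from vue-cli-plugin-apollo, graphql-tools or npm: it encodes those three ranges and walks a tree shaped like the output of `npm ls --all --json` to report every ws copy that is still outside them, with the dependency path leading to it. The sample tree and its version numbers are constructed for the example; `parseVersion` ignores prerelease tags when ordering, which is an assumption that keeps the comparison short.

```javascript
// Added example (not from the vue-cli-plugin-apollo project or from npm): report
// copies of ws in a dependency tree that fall outside the advisory's patched ranges
// (>=5.2.3 <6.0.0 || >=6.2.2 <7.0.0 || >=7.4.6).

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into three comparable numbers.
// Assumption for this example: prerelease tags are ignored when ordering versions.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Return -1, 0 or 1 like a comparator; compares major, then minor, then patch.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Patched ranges from the advisory, as [lower bound inclusive, upper bound exclusive or null].
const WS_PATCHED_RANGES = [
  ['5.2.3', '6.0.0'],
  ['6.2.2', '7.0.0'],
  ['7.4.6', null],
];

// True when `version` lies inside at least one patched range.
function isWsPatched(version) {
  return WS_PATCHED_RANGES.some(([lo, hi]) =>
    compareVersions(version, lo) >= 0 && (hi === null || compareVersions(version, hi) < 0));
}

// Walk an object shaped like `npm ls --all --json` output (nested `dependencies` maps,
// each node carrying a `version`) and collect every copy of `pkg` that `isPatched`
// rejects, together with the path of packages that pulled it in.
function findUnpatched(tree, pkg, isPatched, path = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${name}@${node.version}`];
    if (name === pkg && node.version && !isPatched(node.version)) {
      hits.push({ version: node.version, path: here.join(' > ') });
    }
    hits.push(...findUnpatched(node, pkg, isPatched, here));
  }
  return hits;
}

// Constructed sample tree (versions made up for the example) mirroring the path in the
// audit table: a nested vulnerable ws under url-loader and a hoisted patched copy.
const SAMPLE_TREE = {
  name: 'my-app',
  dependencies: {
    'vue-cli-plugin-apollo': {
      version: '0.22.2',
      dependencies: {
        'graphql-tools': {
          version: '6.2.6',
          dependencies: {
            '@graphql-tools/url-loader': {
              version: '6.10.1',
              dependencies: { ws: { version: '7.4.5' } },
            },
          },
        },
      },
    },
    ws: { version: '7.4.6' },
  },
};

function report(tree = SAMPLE_TREE) {
  return findUnpatched(tree, 'ws', isWsPatched);
}

console.log(JSON.stringify(report(), null, 2));
```

On a real project, feed `findUnpatched` the parsed output of `npm ls ws --all --json` and expect an empty result after the upgrade. If a maintainer's release is not yet available, npm (8.3 and later) `overrides` or Yarn `resolutions` in `package.json` can pin the nested ws to a patched version in the meantime; re-run `npm audit` afterwards to confirm the advisory no longer appears.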

LG0012 commented 2 years ago
node_modules/@graphql-tools/url-loader/node_modules/ws
  @graphql-tools/url-loader  <=7.4.3-alpha-9f8b9c45.0
  Depends on vulnerable versions of cross-fetch
  Depends on vulnerable versions of ws
  node_modules/@graphql-tools/url-loader
└─┬ @nuxtjs/apollo@4.0.1-rc.5
  └─┬ vue-cli-plugin-apollo@0.22.2
    └─┬ graphql-tools@6.2.6
      └── @graphql-tools/url-loader@6.10.1