IBM / keyprotect-nodejs-client

Nodejs SDK for interacting with the IBMCloud KeyProtect service.
Apache License 2.0

Fix ansi-regex cve issue-305 #18

Closed Rishi-web closed 2 years ago

Rishi-web commented 2 years ago

W.r.t. issue https://github.ibm.com/kms/psirt-issue-tracker/issues/305, some of the related packages are updated to the latest version to fix the ansi-regex vulnerability issue.

Rishi-web commented 2 years ago

Test result

codecov[bot] commented 2 years ago

Codecov Report

Merging #18 (60e1654) into master (75687c2) will not change coverage. The diff coverage is n/a.

Current head 60e1654 differs from pull request most recent head db94421. Consider uploading reports for the commit db94421 to get more accurate results.

@@            Coverage Diff            @@
##            master       #18   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines          416       416           
  Branches        59        59           
=========================================
  Hits           416       416           


thu2thu2 commented 2 years ago

Looks good to me.

Rishi-web commented 2 years ago

As of now, pretty-format is using ansi-regex 5.0.0 with the caret (^) symbol, which internally downloads the stable version.

Rishi-web commented 2 years ago

The final ansi-regex which gets downloaded after doing npm install is 5.0.1, which is free from any vulnerabilities. W.r.t. https://security.snyk.io/package/npm/ansi-regex

Rishi-web commented 2 years ago

No more ansi-regex-5.0.0.tgz in the nodejs-client code base.

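The check described in the last three comments (a caret range on 5.0.0 admitting 5.0.1, and no 5.0.0 copy left in the tree) can be run against a lockfile instead of read off screenshots. This is an added example, not code from the PR or the project: the lockfile is constructed, `old-tool` is a hypothetical package, and only plain `^x.y.z` ranges are handled.

```javascript
// Constructed sample lockfile (lockfileVersion 2 layout); "old-tool" is hypothetical.
const sampleLock = {
  packages: {
    "node_modules/pretty-format": {
      version: "1.0.0", dependencies: { "ansi-regex": "^5.0.0" } },
    "node_modules/ansi-regex": { version: "5.0.1" },
    "node_modules/old-tool/node_modules/ansi-regex": { version: "5.0.0" },
  },
};

const parse = (v) => v.split(".").map(Number);
// Compare two plain x.y.z versions: negative, zero or positive.
function compare(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Does `version` satisfy a caret range such as "^5.0.0"? Plain ^x.y.z only.
function satisfiesCaret(version, range) {
  if (!range.startsWith("^")) return version === range;
  const base = range.slice(1), v = parse(version), b = parse(base);
  // A caret pins everything up to and including the leftmost non-zero component.
  const first = b.findIndex((n) => n !== 0);
  const pinned = first === -1 ? 2 : first;
  for (let i = 0; i <= pinned; i++) if (v[i] !== b[i]) return false;
  return compare(version, base) >= 0;
}

// Every installed copy of `name`, including nested node_modules copies.
function findInstalls(lock, name) {
  return Object.entries(lock.packages)
    .filter(([path]) => path.endsWith("node_modules/" + name))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Copies on the fixed release's major line that are older than it.
function staleInstalls(lock, name, fixed) {
  return findInstalls(lock, name).filter((i) =>
    parse(i.version)[0] === parse(fixed)[0] && compare(i.version, fixed) < 0);
}

// Dependents that declare `name`, and whether their range admits `fixed`.
function rangesAdmitting(lock, name, fixed) {
  return Object.entries(lock.packages)
    .filter(([, meta]) => meta.dependencies && meta.dependencies[name])
    .map(([path, meta]) => ({ path, range: meta.dependencies[name],
      admitsFixed: satisfiesCaret(fixed, meta.dependencies[name]) }));
}
```

A caret range only admits the fixed release; a lockfile that still pins 5.0.0 keeps installing it, so `staleInstalls` is the result to gate on.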