OfficeDev / Office-Addin-Scripts

A set of scripts and packages that are consumed in Office add-ins projects.
MIT License

OfficeJS failing security test #792

Closed RahulKalghatgi22 closed 11 months ago

RahulKalghatgi22 commented 1 year ago

I have an application which is using the updated version of office-addin-mock. In the component tree I see that office-addin-mock depends on semver (v5.7.1 - not the latest version). This dependency is causing a security issue.

Expected behavior

The security scan should pass the office-addin-mock.

Current behavior

I tried running a security scan on the application, and it turns out that office-addin-mock is pointing to semver@5.7.1, where it fails to pass the scan. I have tried downgrading the office-addin-mock version to 2.3.9, yet it is pointing to 5.7.1.

Steps to reproduce

  1. Install office-addin-mock.
  2. Run npm ls semver

Context

This is causing a security issue on an application. office-addin-mock

ZYUN-MSFT commented 1 year ago

Hi @samantharamon,
Could you please help take a look at this issue or involve the area expert?

Thank you in advance.

millerds commented 1 year ago

We have an internal bug tracking this. The fix should be forthcoming.

millerds commented 11 months ago

Updated package with fixes is published.
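
The `npm ls semver` step from the report, turned into a triage check. This is an added example, not code from the issue or from the Office-Addin-Scripts project: it walks a tree shaped like `npm ls semver --json` output and lists every dependency chain ending at the flagged `semver@5.7.1`. The sample tree is constructed, and the intermediate package names (`hypothetical-intermediate`, `other-tool`) and the app name are assumptions, not office-addin-mock's real dependency graph.

```javascript
// Constructed sample shaped like `npm ls semver --json` output.
// Intermediate package names and versions are hypothetical placeholders.
const sampleTree = {
  name: "my-addin-app",
  version: "1.0.0",
  dependencies: {
    "office-addin-mock": {
      version: "2.3.9",
      dependencies: {
        "hypothetical-intermediate": {
          version: "1.2.3",
          dependencies: { semver: { version: "5.7.1" } },
        },
      },
    },
    "other-tool": {
      version: "4.0.0",
      dependencies: { semver: { version: "9.9.9" } }, // constructed, not flagged
    },
  },
};

// Return every chain "a@1 > b@2 > target@version" found under `node`.
function findChains(node, target, version, trail = []) {
  const chains = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version ?? "unknown"}`];
    if (name === target && dep.version === version) {
      chains.push(here.join(" > "));
    }
    // Keep descending: the same package can appear again deeper in the tree.
    chains.push(...findChains(dep, target, version, here));
  }
  return chains;
}

// The first hop of each chain is the direct dependency that has to be
// upgraded (or overridden) to get rid of the flagged transitive version.
function topLevelOwners(chains) {
  const owners = chains.map((c) => c.split(" > ")[0].replace(/@[^@]*$/, ""));
  return [...new Set(owners)];
}

console.log(findChains(sampleTree, "semver", "5.7.1").join("\n"));
```

On a real project, pass the parsed output of `npm ls semver --json` in place of `sampleTree`.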