Personal-Data-Linkage-Module / pxr-operator-service


node 18 の依存関係解決 #16

Closed itoshot closed 8 months ago

itoshot commented 1 year ago

現在の状況

nmatsui commented 1 year ago

node 18は2023/10/18からメンテナンスになり、node 20がLTSとなるため、現時点でnodeのバージョンを上げるならば18ではなく20に上げるべき。

https://github.com/nodejs/Release

Release Status Codename Initial Release Active LTS Start Maintenance Start End-of-life
18.x LTS Hydrogen 2022-04-19 2022-10-25 2023-10-18 2025-04-30
20.x Current   2023-04-18 2023-10-24 2024-10-22 2026-04-30

nmatsui commented 1 year ago

commit 7c20f22のようにライブラリを更新すると、既存のunittestを破壊しない範囲でnode 20(v20.7.0)で動作可能となる

ただし 2個のcritical、0個のhigh、5個のmoderateな脆弱性が残る。SQL InjectionとXSSに関するcriticalな脆弱性が残存するため、この状態は望ましくない。

class-validator <=0.13.2 Severity: critical SQL Injection and Cross-site Scripting in class-validator - https://github.com/advisories/GHSA-fj58-h2fr-3pp2

https://github.com/Personal-Data-Linkage-Module/pxr-operator-service/commit/7c20f22c791cccb94938fb5c3f6bd561a52da52d#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519

$ git diff develop package.json
diff --git a/package.json b/package.json
index 7ca0e5d..0a112c0 100644
--- a/package.json
+++ b/package.json
@@ -29,41 +29,35 @@
     "usePathForSuiteName": "true"
   },
   "dependencies": {
-    "amqp-ts": "1.5.0",
-    "amqplib": "0.5.3",
     "blocked-at": "1.2.0",
-    "body-parser": "1.19.0",
+    "body-parser": "1.19.2",^M
     "class-transformer": "0.2.3",
-    "class-transformer-validator": "0.8.0",
+    "class-transformer-validator": "^0.9.1",^M
     "class-validator": "0.12.2",
     "cloud-config-client": "1.4.2",
     "config": "3.2.2",
-    "connect-redis": "3.4.2",
     "cookie-parser": "1.4.5",
     "copy-to": "2.0.1",
     "cors": "2.8.5",
     "cross-env": "7.0.2",
     "csrf": "^3.1.0",
-    "express": "4.17.1",
+    "express": "4.17.3",^M
     "express-session": "1.16.2",
     "express-winston": "3.2.1",
     "glob": "7.1.4",
-    "helmet": "3.18.0",
+    "helmet": "^3.23.3",^M
     "js-yaml": "3.13.1",
     "log4js": "6.1.2",
-    "moment-timezone": "0.5.31",
-    "mongodb": "3.2.7",
-    "mongoose": "5.6.6",
-    "node-fetch": "2.6.0",
+    "moment-timezone": "0.5.43",^M
+    "node-fetch": "^2.6.0",^M
     "node-health-service": "1.0.7",
-    "node-rest-client": "3.1.0",
-    "redis": "2.8.0",
+    "node-rest-client": "^3.1.1",^M
     "request": "2.88.2",
     "request-context": "2.0.0",
     "routing-controllers": "0.7.7",
     "sprintf-js": "1.1.2",
-    "swagger-ui-express": "4.0.7",
-    "typed-rest-client": "1.5.0",
+    "swagger-ui-express": "^4.1.3",^M
+    "typed-rest-client": "^1.8.4",^M
     "typedi": "0.8.0",
     "typeorm-typedi-extensions": "0.2.3",
     "url-join": "4.0.1",
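Review bot: Six entries in this hunk move from an exact pin to a caret range (`class-transformer-validator`, `helmet`, `node-fetch`, `node-rest-client`, `swagger-ui-express`, `typed-rest-client`) while their neighbours stay pinned, so what gets installed now depends on the lockfile rather than on package.json. Either keep the file's exact-pin convention, e.g. `"helmet": "3.23.3"`, or make sure package-lock.json is committed and installs use `npm ci`, so that the tree `npm audit` checked is the tree that ships. The added lines also end in a carriage return (the `^M` in the diff), which leaves package.json with mixed line endings. Both points apply equally to the later package.json hunks on this page.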
@@ -75,38 +69,29 @@
     "zipkin-transport-http": "0.18.6"
   },
   "devDependencies": {
-    "@types/amqplib": "0.5.13",
     "@types/bluebird": "3.5.27",
-    "@types/body-parser": "1.17.0",
+    "@types/body-parser": "1.19.2",^M
     "@types/config": "0.0.34",
-    "@types/connect-redis": "0.0.10",
     "@types/cookie-parser": "1.4.2",
     "@types/cors": "2.8.5",
-    "@types/express": "4.17.0",
-    "@types/express-session": "1.15.13",
-    "@types/glob": "7.1.1",
-    "@types/helmet": "0.0.35",
+    "@types/express": "4.17.3",^M
+    "@types/express-session": "1.15.16",^M
+    "@types/glob": "7.1.4",^M
     "@types/jest": "^25.2.3",
-    "@types/js-yaml": "3.9.0",
-    "@types/log4js": "2.3.5",
-    "@types/moment-timezone": "0.5.13",
-    "@types/mongodb": "3.1.30",
-    "@types/mongoose": "5.5.9",
+    "@types/js-yaml": "3.12.5",^M
     "@types/node": "^18.16.10",
     "@types/pg": "7.11.2",
-    "@types/redis": "2.8.13",
     "@types/request": "2.48.5",
     "@types/sprintf-js": "1.1.2",
     "@types/supertest": "2.0.8",
-    "@types/swagger-ui-express": "3.0.1",
-    "@types/url-join": "4.0.0",
+    "@types/swagger-ui-express": "^4.1.3",^M
+    "@types/url-join": "4.0.1",^M
     "@types/uuid": "3.4.5",
     "@typescript-eslint/eslint-plugin": "2.6.1",
     "@typescript-eslint/parser": "2.6.1",
     "eslint": "6.6.0",
     "eslint-config-prettier": "6.5.0",
     "eslint-config-standard": "14.1.0",
-    "eslint-loader": "3.0.2",
     "eslint-plugin-import": "2.18.2",
     "eslint-plugin-jest": "23.8.1",
     "eslint-plugin-node": "10.0.0",
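Review bot: `"@types/node": "^18.16.10"` is left unchanged in this hunk although the surrounding comments describe running on Node 20 (v20.7.0), so the compiler would keep type-checking against the Node 18 API surface. If 20 becomes the target, bump it to the matching major, e.g. `"@types/node": "^20"`, and record the supported runtime in an `engines` field; whether package.json already has one is not visible here. The same line is unchanged in the second package.json diff further down.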
@@ -125,9 +110,9 @@
     "supertest": "^6.3.3",
     "ts-jest": "^29.1.0",
     "ts-loader": "6.2.1",
-    "ts-node": "8.3.0",
+    "ts-node": "^10.7.0",^M
     "typeorm": "^0.3.17",
     "typescript": "^4.9.5",
-    "xunit-file": "1.0.0"
+    "xunit-file": "^2.0.0"^M
   }
 }
-------------------------------------------------|---------|----------|---------|---------|---------------------------------
File                                             | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
-------------------------------------------------|---------|----------|---------|---------|---------------------------------
All files                                        |   98.11 |       97 |   99.46 |   98.05 |
 repositories/postgres                           |   96.42 |       90 |   97.33 |    96.3 |
  IdentifyCodeEntity.ts                          |   67.85 |        0 |     100 |   65.38 | 51-59
  IdentifyCodeRepository.ts                      |     100 |      100 |     100 |     100 |
  LoginHistory.ts                                |     100 |      100 |     100 |     100 |
  LoginHistoryOperation.ts                       |     100 |      100 |     100 |     100 |
  ManageBlockInfo.ts                             |     100 |      100 |     100 |     100 |
  OneTimeLoginCodeEntity.ts                      |     100 |      100 |     100 |     100 |
  OneTimeLoginCodeRepository.ts                  |     100 |      100 |     100 |     100 |
  OperatorEntity.ts                              |     100 |      100 |     100 |     100 |
  OperatorRepository.ts                          |   98.01 |    84.61 |     100 |   98.01 | 527,561
  PasswordHistory.ts                             |     100 |      100 |     100 |     100 |
  PasswordHistoryOperation.ts                    |     100 |      100 |     100 |     100 |
  RoleSettingEntity.ts                           |     100 |      100 |     100 |     100 |
  RoleSettingRepository.ts                       |     100 |      100 |     100 |     100 |
  SessionEntity.ts                               |     100 |      100 |     100 |     100 |
  SessionRepository.ts                           |   86.95 |      100 |   88.88 |   86.95 | 108-110
  SmsVerificationCode.ts                         |     100 |      100 |     100 |     100 |
  SmsVerificationCodeOperation.ts                |   82.14 |    77.77 |      75 |   82.14 | 75,96-111
  UserInformationEntity.ts                       |     100 |      100 |     100 |     100 |
  UserInformationRepository.ts                   |     100 |      100 |     100 |     100 |
 resources                                       |    99.7 |      100 |     100 |   99.69 |
  IdentifyCodeController.ts                      |     100 |      100 |     100 |     100 |
  LoginController.ts                             |     100 |      100 |     100 |     100 |
  LogoutController.ts                            |     100 |      100 |     100 |     100 |
  OperatorController.ts                          |     100 |      100 |     100 |     100 |
  PasswordController.ts                          |     100 |      100 |     100 |     100 |
  SessionController.ts                           |     100 |      100 |     100 |     100 |
  SmsVerificateController.ts                     |   97.14 |      100 |     100 |   96.96 | 72
  UserInfoController.ts                          |     100 |      100 |     100 |     100 |
 resources/dto                                   |   99.28 |    96.25 |     100 |   99.28 |
  GetByOperatorIdResDto.ts                       |   97.67 |    94.11 |     100 |   97.67 | 102
  GetOperatorWithTypeReqDto.ts                   |     100 |      100 |     100 |     100 |
  IdAAsOperatorOrUserReqDto.ts                   |     100 |      100 |     100 |     100 |
  NewPasswordReqDto.ts                           |     100 |      100 |     100 |     100 |
  OperatorIdReqDto.ts                            |     100 |      100 |     100 |     100 |
  PostAddUserInformationReqDto.ts                |     100 |      100 |     100 |     100 |
  PostIdentifyCodeReqDto.ts                      |     100 |      100 |     100 |     100 |
  PostIndLoginOneTimeReqDto.ts                   |     100 |      100 |     100 |     100 |
  PostIndLoginReqDto.ts                          |     100 |      100 |     100 |     100 |
  PostIndLoginSsoReqDto.ts                       |     100 |      100 |     100 |     100 |
  PostIndSmsVerificateReqDto.ts                  |     100 |      100 |     100 |     100 |
  PostIndSmsVerificateVerifiyReqDto.ts           |     100 |      100 |     100 |     100 |
  PostLoginReqDto.ts                             |     100 |      100 |     100 |     100 |
  PostLoginResDto.ts                             |     100 |      100 |     100 |     100 |
  PostLogoutReqDto.ts                            |     100 |      100 |     100 |     100 |
  PostOperatorAddReqDto.ts                       |     100 |      100 |     100 |     100 |
  PostOperatorAddResDto.ts                       |   96.36 |    92.85 |     100 |   96.36 | 133,148
  PostSessionReqDto.ts                           |     100 |      100 |     100 |     100 |
  PostSessionResDto.ts                           |     100 |      100 |     100 |     100 |
  PostUserInfoListReqDto.ts                      |     100 |      100 |     100 |     100 |
  PostUserInfoSearchReqDto.ts                    |     100 |      100 |     100 |     100 |
  PostUserInfoSearchResDto.ts                    |     100 |      100 |     100 |     100 |
  PutByOperatorIdReqDto.ts                       |     100 |      100 |     100 |     100 |
  PutByOperatorIdResDto.ts                       |     100 |      100 |     100 |     100 |
  UserInformationDto.ts                          |     100 |      100 |     100 |     100 |
 resources/validator                             |     100 |      100 |     100 |     100 |
  GetByOperatorTypeRequestValidator.ts           |     100 |      100 |     100 |     100 |
  IdAsOperatorOrUserValidator.ts                 |     100 |      100 |     100 |     100 |
  LoginRequestValidator.ts                       |     100 |      100 |     100 |     100 |
  OperatorIdParamsValidator.ts                   |     100 |      100 |     100 |     100 |
  PostIdentifyCodeRequestValidator.ts            |     100 |      100 |     100 |     100 |
  PostIndLoginOneTimeRequestValidator.ts         |     100 |      100 |     100 |     100 |
  PostIndLoginRequestValidator.ts                |     100 |      100 |     100 |     100 |
  PostIndLoginSsoRequestValidator.ts             |     100 |      100 |     100 |     100 |
  PostIndSmsVerificateRequestValidator.ts        |     100 |      100 |     100 |     100 |
  PostIndSmsVerificateVerifiyRequestValidator.ts |     100 |      100 |     100 |     100 |
  PostLoginOneTimeRequestValidator.ts            |     100 |      100 |     100 |     100 |
  PostLoginSsoRequestValidator.ts                |     100 |      100 |     100 |     100 |
  PostOperatorAddRequestValidator.ts             |     100 |      100 |     100 |     100 |
  PostSessionRequestValidator.ts                 |     100 |      100 |     100 |     100 |
  PostUserInfoListRequestValidator.ts            |     100 |      100 |     100 |     100 |
  PostUserInfoRequestValidator.ts                |     100 |      100 |     100 |     100 |
  PostUserInfoSearchRequestValidator.ts          |     100 |      100 |     100 |     100 |
  PutOperatorRepRequestValidator.ts              |     100 |      100 |     100 |     100 |
  PutPasswordRequestValidator.ts                 |     100 |      100 |     100 |     100 |
  UserInformationRequestValidator.ts             |     100 |      100 |     100 |     100 |
 services                                        |   97.45 |    97.47 |     100 |   97.37 |
  IdService_Stub.ts                              |     100 |      100 |     100 |     100 |
  IdentifyCodeService.ts                         |     100 |      100 |     100 |     100 |
  LoginService.ts                                |   90.87 |       98 |     100 |   90.69 | 260-272,290-302,477,486
  LogoutService.ts                               |   97.91 |     87.5 |     100 |   97.77 | 60
  OperatorService.ts                             |      99 |    97.17 |     100 |   98.98 | 563,587,638,1258-1259,1287,1375
  PasswordService.ts                             |     100 |      100 |     100 |     100 |
  SessionService.ts                              |   97.01 |     87.5 |     100 |   96.87 | 65-66
  SmsVerificateService.ts                        |   94.64 |      100 |     100 |   94.33 | 95-99
  UserInfoService.ts                             |     100 |      100 |     100 |     100 |
 services/dto                                    |     100 |      100 |     100 |     100 |
  IdentifyCodeServiceDto.ts                      |     100 |      100 |     100 |     100 |
  LoginServiceDto.ts                             |     100 |      100 |     100 |     100 |
  LogoutServiceDto.ts                            |     100 |      100 |     100 |     100 |
  OperatorServiceDto.ts                          |     100 |      100 |     100 |     100 |
  PasswordServiceDto.ts                          |     100 |      100 |     100 |     100 |
  SessionServiceDto.ts                           |     100 |      100 |     100 |     100 |
  SmsVerificateServiceDto.ts                     |     100 |      100 |     100 |     100 |
  UserInfoServiceDto.ts                          |     100 |      100 |     100 |     100 |
-------------------------------------------------|---------|----------|---------|---------|---------------------------------

Summary of all failing tests
 FAIL  src/tests/09-01.OperatorSession.spec.ts (1276 MB heap size)
  ● operator API › セッション確認 › 正常(appロールなし)

    expect(received).toBe(expected) // Object.is equality

    Expected: 200
    Received: 401

      333 |
      334 |             // レスポンスチェック
    > 335 |             expect(response.status).toBe(200);
          |                                     ^
      336 |             expect(response.body.operatorId).toBe(4);
      337 |             expect(response.body.loginId).toBe('app_staff02');
      338 |             expect(response.body.passwordChangedFlg).toBe(false);

      at src/tests/09-01.OperatorSession.spec.ts:335:37
      at fulfilled (src/tests/09-01.OperatorSession.spec.ts:5:58)

 FAIL  src/tests/16-02.IndSmsVerificateVerifiy.spec.ts (2118 MB heap size)
  ● operator API › SMS検証コード検証 › 正常

    expect(received).toBe(expected) // Object.is equality

    Expected: 200
    Received: 400

      102 |                     smsVerificationCode: '123456'
      103 |                 }));
    > 104 |             expect(response.status).toBe(200);
          |                                     ^
      105 |             expect(JSON.stringify(response.body)).toBe(JSON.stringify(
      106 |                 { result: 'success' }
      107 |             ));

      at src/tests/16-02.IndSmsVerificateVerifiy.spec.ts:104:37
      at fulfilled (src/tests/16-02.IndSmsVerificateVerifiy.spec.ts:5:58)

Test Suites: 2 failed, 26 passed, 28 total
Tests:       2 failed, 367 passed, 369 total
Snapshots:   0 total
Time:        84.897 s
Ran all test suites.
$ npm audit
# npm audit report

class-transformer  <0.3.1
Severity: moderate
Prototype pollution in class-transformer - https://github.com/advisories/GHSA-6gp3-h3jj-prx4
fix available via `npm audit fix --force`
Will install class-transformer@0.5.1, which is a breaking change
node_modules/class-transformer
node_modules/routing-controllers/node_modules/class-transformer
  routing-controllers  0.6.0-alpha - 0.10.0
  Depends on vulnerable versions of class-transformer
  Depends on vulnerable versions of class-validator
  node_modules/routing-controllers

class-validator  <=0.13.2
Severity: critical
SQL Injection and Cross-site Scripting in class-validator - https://github.com/advisories/GHSA-fj58-h2fr-3pp2
Depends on vulnerable versions of validator
Depends on vulnerable versions of validator
fix available via `npm audit fix --force`
Will install class-validator@0.14.0, which is a breaking change
node_modules/class-validator
node_modules/routing-controllers/node_modules/class-validator

log4js  <6.4.0
Severity: moderate
Incorrect Default Permissions in log4js - https://github.com/advisories/GHSA-82v2-mx6x-wq7q
fix available via `npm audit fix --force`
Will install log4js@6.9.1, which is outside the stated dependency range
node_modules/log4js

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

validator  <=13.6.0
Severity: moderate
Inefficient Regular Expression Complexity in Validator.js - https://github.com/advisories/GHSA-xx4c-jj58-r7x6
Inefficient Regular Expression Complexity in validator.js - https://github.com/advisories/GHSA-qgmg-gppg-76g5
fix available via `npm audit fix --force`
Will install class-validator@0.14.0, which is a breaking change
node_modules/routing-controllers/node_modules/validator
node_modules/validator

7 vulnerabilities (5 moderate, 2 critical)

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.
nmatsui commented 1 year ago

commit 1bc7199のように、node 20(v20.7.0)で動作可能かつ、現時点で可能な限りの脆弱性に対応した最小バージョンのライブラリに更新すると、2個のmoderateな脆弱性のみ残存する。

https://github.com/Personal-Data-Linkage-Module/pxr-operator-service/commit/1bc7199cc7a1c1511fce37e8eff2df224c99a658#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519

diff --git a/package.json b/package.json
index 7ca0e5d..509ee0c 100644
--- a/package.json
+++ b/package.json
@@ -29,41 +29,35 @@
     "usePathForSuiteName": "true"
   },
   "dependencies": {
-    "amqp-ts": "1.5.0",
-    "amqplib": "0.5.3",
     "blocked-at": "1.2.0",
-    "body-parser": "1.19.0",
-    "class-transformer": "0.2.3",
-    "class-transformer-validator": "0.8.0",
-    "class-validator": "0.12.2",
+    "body-parser": "1.19.2",^M
+    "class-transformer": "^0.5.1",^M
+    "class-transformer-validator": "^0.9.1",^M
+    "class-validator": "^0.14.0",^M
     "cloud-config-client": "1.4.2",
     "config": "3.2.2",
-    "connect-redis": "3.4.2",
     "cookie-parser": "1.4.5",
     "copy-to": "2.0.1",
     "cors": "2.8.5",
     "cross-env": "7.0.2",
     "csrf": "^3.1.0",
-    "express": "4.17.1",
+    "express": "4.17.3",^M
     "express-session": "1.16.2",
     "express-winston": "3.2.1",
     "glob": "7.1.4",
-    "helmet": "3.18.0",
+    "helmet": "^3.23.3",^M
     "js-yaml": "3.13.1",
-    "log4js": "6.1.2",
-    "moment-timezone": "0.5.31",
-    "mongodb": "3.2.7",
-    "mongoose": "5.6.6",
-    "node-fetch": "2.6.0",
+    "log4js": "6.9.1",^M
+    "moment-timezone": "0.5.43",^M
+    "node-fetch": "^2.6.0",^M
     "node-health-service": "1.0.7",
-    "node-rest-client": "3.1.0",
-    "redis": "2.8.0",
+    "node-rest-client": "^3.1.1",^M
     "request": "2.88.2",
     "request-context": "2.0.0",
-    "routing-controllers": "0.7.7",
+    "routing-controllers": "^0.10.4",^M
     "sprintf-js": "1.1.2",
-    "swagger-ui-express": "4.0.7",
-    "typed-rest-client": "1.5.0",
+    "swagger-ui-express": "^4.1.3",^M
+    "typed-rest-client": "^1.8.4",^M
     "typedi": "0.8.0",
     "typeorm-typedi-extensions": "0.2.3",
     "url-join": "4.0.1",
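Review bot: The jump to `"class-validator": "^0.14.0"` changes validation behaviour, not just the version: from 0.14.0 `forbidUnknownValues` defaults to true, and that default is the fix for the advisory listed in the earlier audit output (GHSA-fj58-h2fr-3pp2). Some of the newly failing tests may be requests that are now rejected for this reason, which is worth confirming before rewriting them. Where that is the cause, correct the DTO or the test payload rather than passing `forbidUnknownValues: false`, which would restore the vulnerable behaviour while `npm audit` stays clean. Separately, the two advisories that remain both arrive through `"request": "2.88.2"`, kept as-is in this hunk; since `node-fetch` and `typed-rest-client` are already dependencies, moving its callers to one of them looks like the way to clear them.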
@@ -75,38 +69,29 @@
     "zipkin-transport-http": "0.18.6"
   },
   "devDependencies": {
-    "@types/amqplib": "0.5.13",
     "@types/bluebird": "3.5.27",
-    "@types/body-parser": "1.17.0",
+    "@types/body-parser": "1.19.2",^M
     "@types/config": "0.0.34",
-    "@types/connect-redis": "0.0.10",
     "@types/cookie-parser": "1.4.2",
     "@types/cors": "2.8.5",
-    "@types/express": "4.17.0",
-    "@types/express-session": "1.15.13",
-    "@types/glob": "7.1.1",
-    "@types/helmet": "0.0.35",
+    "@types/express": "4.17.3",^M
+    "@types/express-session": "1.15.16",^M
+    "@types/glob": "7.1.4",^M
     "@types/jest": "^25.2.3",
-    "@types/js-yaml": "3.9.0",
-    "@types/log4js": "2.3.5",
-    "@types/moment-timezone": "0.5.13",
-    "@types/mongodb": "3.1.30",
-    "@types/mongoose": "5.5.9",
+    "@types/js-yaml": "3.12.5",^M
     "@types/node": "^18.16.10",
     "@types/pg": "7.11.2",
-    "@types/redis": "2.8.13",
     "@types/request": "2.48.5",
     "@types/sprintf-js": "1.1.2",
     "@types/supertest": "2.0.8",
-    "@types/swagger-ui-express": "3.0.1",
-    "@types/url-join": "4.0.0",
+    "@types/swagger-ui-express": "^4.1.3",^M
+    "@types/url-join": "4.0.1",^M
     "@types/uuid": "3.4.5",
     "@typescript-eslint/eslint-plugin": "2.6.1",
     "@typescript-eslint/parser": "2.6.1",
     "eslint": "6.6.0",
     "eslint-config-prettier": "6.5.0",
     "eslint-config-standard": "14.1.0",
-    "eslint-loader": "3.0.2",
     "eslint-plugin-import": "2.18.2",
     "eslint-plugin-jest": "23.8.1",
     "eslint-plugin-node": "10.0.0",
@@ -125,9 +110,9 @@
     "supertest": "^6.3.3",
     "ts-jest": "^29.1.0",
     "ts-loader": "6.2.1",
-    "ts-node": "8.3.0",
+    "ts-node": "^10.7.0",^M
     "typeorm": "^0.3.17",
     "typescript": "^4.9.5",
-    "xunit-file": "1.0.0"
+    "xunit-file": "^2.0.0"^M
   }
 }
$ npm audit
# npm audit report

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

2 moderate severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

なおlog4jsの脆弱性に対応するためにバージョンアップすると、設定ファイルの書き方が変わるため、config/log4js.config.jsonの修正(daysToKeep -> numBackups) も必要となる。

diff --git a/config/log4js.config.json b/config/log4js.config.json
index 06f0d7b..8894dba 100644
--- a/config/log4js.config.json
+++ b/config/log4js.config.json
@@ -7,7 +7,7 @@
             "type": "dateFile",
             "filename": "./logs/system.log",
             "pattern": ".yyyy-MM-dd",
-            "daysToKeep": 30,
+            "numBackups": 30,^M
             "alwaysIncludePattern": false,
             "layout": {
                 "type": "pattern",
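Review bot: The key rename here is only part of what the log4js upgrade changes for these appenders: the release that fixes the "Incorrect Default Permissions" advisory (6.4.0) also creates new log files with mode 0o600 instead of world-readable. Files already present under `./logs` keep their old permissions, so check and tighten them once on deployed hosts. If a log collector running as another user reads these files, grant that access deliberately through the appender's `mode` option (written as a decimal number, since JSON has no octal literals) or through group ownership. This applies to all five `dateFile` appenders touched on this page (system, http, access, application, performance).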
@@ -18,7 +18,7 @@
             "type": "dateFile",
             "filename": "./logs/http.log",
             "pattern": ".yyyy-MM-dd",
-            "daysToKeep": 30,
+            "numBackups": 30,^M
             "alwaysIncludePattern": false,
             "layout": {
                 "type": "pattern",
@@ -29,7 +29,7 @@
             "type": "dateFile",
             "filename": "./logs/access.log",
             "pattern": ".yyyy-MM-dd",
-            "daysToKeep": 30,
+            "numBackups": 30,^M
             "alwaysIncludePattern": false,
             "layout": {
                 "type": "pattern",
@@ -40,7 +40,7 @@
             "type": "dateFile",
             "filename": "./logs/application.log",
             "pattern": ".yyyy-MM-dd",
-            "daysToKeep": 30,
+            "numBackups": 30,^M
             "alwaysIncludePattern": false,
             "layout": {
                 "type": "pattern",
@@ -51,7 +51,7 @@
             "type": "dateFile",
             "filename": "./logs/performance.log",
             "pattern": ".yyyy-MM-dd",
-            "daysToKeep": 30,
+            "numBackups": 30,^M
             "alwaysIncludePattern": false,
             "layout": {
                 "type": "pattern",
@@ -98,4 +98,4 @@
             "level": "all"
         }
     }
-}
\ No newline at end of file
+}^M

また多くのunittestがfailするため、unittestコードの大幅な修正も必要となると見込まれる。

Test Suites: 25 failed, 3 passed, 28 total Tests: 264 failed, 105 passed, 369 total

20230923_unittest.log

nmatsui commented 1 year ago

@itoshot 上で記載した脆弱性が解消された状態のコードをfix/#16にpushしています。unittestの問題が解決していないので、pull requestは送っていません。

smit-akiyama commented 8 months ago

Node.js 18に対応したコードをdevelopブランチにマージしました。 本件はクローズいたします。