There is a critical security vulnerability in vm2, a dependency of degenerator:
vm2 *
Severity: critical
vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-cchq-frgv-rjh5
fix available via `npm audit fix`
node_modules/vm2
degenerator 3.0.0 - 4.0.4
Depends on vulnerable versions of vm2
node_modules/snowflake-sdk/node_modules/degenerator
npm install message warns that this package should not be used:
npm WARN deprecated vm2@3.9.19: The library contains critical security issues and should not be used for production! The maintenance of the project has been discontinued. Consider migrating your code to isolated-vm.
There is a critical security vulnerability in
vm2
, a dependency of degenerator:npm install
message warns that this package should not be used:There is also this issue with a notice from the maintainer: https://github.com/patriksimek/vm2/issues/533