Status: Closed (atomist[bot] closed this pull request 3 years ago)
This pull request fixes 1 moderate security vulnerability open on 3ed9c6d but 1 critical and 1 moderate vulnerabilities remain open and need manual review.
npm audit fix updated the following npm dependencies:
hosted-git-info (2.8.8 > 2.8.9)
path-parse (1.0.6 > 1.0.7)
The following security vulnerabilities are fixed:
path-parse: Regular Expression Denial of Service in path-parse. Upgrade to version 1.0.7 or later. moderate · vulnerable range <1.0.7 · CVE-2021-23343 · automatic fix available
Installed: path-parse@1.0.6 · 1 vulnerable path:
@atomist/skill > @google-cloud/functions-framework > read-pkg-up > read-pkg > normalize-package-data > resolve > path-parse
hosted-git-info: Regular Expression Denial of Service in hosted-git-info. Upgrade to version 2.8.9 or later. moderate · vulnerable range <2.8.9 · CVE-2021-23362 · automatic fix available
Installed: hosted-git-info@2.8.8 · 1 vulnerable path:
@atomist/skill > @google-cloud/functions-framework > read-pkg-up > read-pkg > normalize-package-data > hosted-git-info
The following security vulnerabilities remain open and need manual review:
lodash: Arbitrary code execution in lodash. Recommendation: None. critical · vulnerable range <=4.17.21 · CVE-2021-41720 · automatic fix available
Installed: lodash@4.17.21 · 10 vulnerable paths:
@atomist/skill > @graphql-codegen/cli > @graphql-codegen/core > @graphql-codegen/plugin-helpers > lodash
@atomist/skill > @graphql-codegen/cli > @graphql-codegen/plugin-helpers > lodash
@atomist/skill > @graphql-codegen/cli > @graphql-tools/prisma-loader > @graphql-tools/url-loader > lodash
@atomist/skill > @graphql-codegen/cli > @graphql-tools/prisma-loader > lodash
@atomist/skill > @graphql-codegen/cli > @graphql-tools/url-loader > lodash
@atomist/skill > @graphql-codegen/cli > graphql-config > @graphql-tools/url-loader > lodash
@atomist/skill > @graphql-codegen/cli > inquirer > lodash
@atomist/skill > @graphql-codegen/typescript-operations > @graphql-codegen/typescript > @graphql-codegen/plugin-helpers > lodash
@atomist/skill > @graphql-codegen/typescript > @graphql-codegen/plugin-helpers > lodash
@atomist/skill > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-codegen/plugin-helpers > lodash
ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex. Upgrade to version 5.0.1 or later. moderate · vulnerable range >2.1.1 <5.0.1 · CVE-2021-3807 · automatic fix available
Installed: ansi-regex@3.0.0 · 4 vulnerable paths:
@atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > listr > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > listr > listr-update-renderer > log-update > wrap-ansi > strip-ansi > ansi-regex
File changed: package-lock.json
atomist/npm-vulnerability-scanner-skill
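The "vulnerable paths" above are the dependency chains through which the repository's package-lock.json reaches each affected package, and whether a path counts as fixed depends on the installed version falling outside the advisory's range. The script below is an added example, not code from the Atomist skill, npm or this pull request: it walks a lockfileVersion 2 "packages" map the way npm resolves node_modules (nearest node_modules directory first, then up the tree), prints every chain that reaches a target package, and checks each installed copy against a range written the way the report writes them ("<1.0.7", "<=4.17.21", ">2.1.1 <5.0.1"). The lockfile fragment and the package names cli-tool, plugin-helpers and prompt are constructed for the example; the range parser is a deliberate simplification that handles only numeric dotted versions and space-separated comparators, not pre-release tags or "||".

```javascript
// Added example: not code from the Atomist skill, npm, or this PR.
// Walks a package-lock.json (lockfileVersion 2) "packages" map the way npm
// resolves node_modules, lists every dependency chain that reaches a package,
// and checks each installed version against an advisory range written like
// the ones in the report ("<1.0.7", "<=4.17.21", ">2.1.1 <5.0.1").

// Constructed lockfile fragment: the package names and the tree are invented
// for this example and are not this repository's lock file.
const lock = {
  packages: {
    "": { dependencies: { "cli-tool": "^1.0.0", prompt: "^2.0.0" } },
    "node_modules/cli-tool": {
      version: "1.0.0",
      dependencies: { "plugin-helpers": "^1.0.0", lodash: "^4.17.0" },
    },
    "node_modules/plugin-helpers": {
      version: "1.0.0",
      dependencies: { lodash: "^4.17.0" },
    },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/prompt": { version: "2.0.0", dependencies: { lodash: "~4.17.15" } },
    // prompt pins an older lodash, so npm nests a second copy under it.
    "node_modules/prompt/node_modules/lodash": { version: "4.17.15" },
  },
};

// Find the lockfile entry that `name` resolves to when required from `fromPath`:
// try <fromPath>/node_modules/<name>, then the enclosing node_modules, up to the root.
function resolveDep(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (dir === "") return null; // not installed anywhere on the lookup path
    const idx = dir.lastIndexOf("/node_modules/");
    dir = idx === -1 ? "" : dir.slice(0, idx);
  }
}

// Enumerate every chain root > ... > target, as the report prints them.
function dependencyPaths(packages, target) {
  const found = [];
  function walk(pkgPath, chain, seen) {
    const deps = Object.keys(packages[pkgPath].dependencies || {});
    for (const name of deps) {
      const depPath = resolveDep(packages, pkgPath, name);
      if (!depPath || seen.has(depPath)) continue; // missing entry or cycle
      const next = chain.concat(name);
      if (name === target) {
        found.push({ chain: next.join(" > "), version: packages[depPath].version });
      } else {
        walk(depPath, next, new Set(seen).add(depPath));
      }
    }
  }
  walk("", [], new Set([""]));
  return found;
}

// Numeric dotted-version comparison; pre-release tags are deliberately unsupported.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// True when `version` satisfies every space-separated comparator in `range`.
function inVulnerableRange(version, range) {
  return range.trim().split(/\s+/).every((clause) => {
    const m = /^(<=|>=|<|>|=?)(\d+(?:\.\d+)*)$/.exec(clause);
    if (!m) throw new Error("unsupported range clause: " + clause);
    const c = compareVersions(version, m[2]);
    switch (m[1]) {
      case "<": return c < 0;
      case "<=": return c <= 0;
      case ">": return c > 0;
      case ">=": return c >= 0;
      default: return c === 0;
    }
  });
}

// Every path to the advisory's package, flagged when the installed copy is still in range.
function auditPaths(packages, advisory) {
  return dependencyPaths(packages, advisory.name).map((p) => ({
    ...p,
    vulnerable: inVulnerableRange(p.version, advisory.range),
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  // The report's lodash range flags every copy; a narrower range would clear 4.17.21.
  console.log(auditPaths(lock.packages, { name: "lodash", range: "<=4.17.21" }));
  console.log(auditPaths(lock.packages, { name: "lodash", range: "<4.17.21" }));
}
```

Against a real checkout, `npm ls lodash` prints the same chains from the installed tree; the lockfile walk is useful when reviewing a PR like this one without installing it, and the per-copy version check is what separates a path the audit fix already cleared from one that needs manual review because the installed version is still inside the advisory range.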
Pull request auto merged: npm audit fix updated hosted-git-info 2.8.8 > 2.8.9 and path-parse 1.0.6 > 1.0.7.