atomist[bot]
commented
3 years ago Pull request auto merged:
- No reviews
- 1 successful check
Closed atomist[bot] closed 3 years ago
atomist[bot]
commented
3 years ago Pull request auto merged:
This pull request fixes security vulnerabilities open on 623d23d but 1 moderate vulnerability remains open and needs manual review.
npm audit fixupdated the following npm dependencies:glob-parent5.1.1 > 5.1.2Fixed vulnerabilities
Following security vulnerability is fixed:
glob-parent
Regular expression denial of service Upgrade to version 5.1.2 or later moderate ·
<5.1.2· CVE-2020-28469 · automatic fix availableglob-parent@5.1.1· 4 vulnerable paths@atomist/skill > @graphql-codegen/cli > @graphql-tools/load > globby > fast-glob > glob-parent@atomist/skill > @graphql-codegen/cli > chokidar > glob-parent@atomist/skill > @graphql-codegen/cli > graphql-config > @graphql-tools/load > globby > fast-glob > glob-parent@atomist/skill > fast-glob > glob-parentOpen vulnerabilities
Following security vulnerability remains open and needs manual review:
ws
Regular Expression Denial of Service Upgrade to version 6.2.2 or 7.4.6 or later moderate ·
>=5.0.0 <6.2.2 || >=7.0.0 <7.4.6· CVE-2021-32640 · automatic fix availablews@7.4.5· 3 vulnerable paths@atomist/skill > @graphql-codegen/cli > @graphql-tools/prisma-loader > @graphql-tools/url-loader > ws@atomist/skill > @graphql-codegen/cli > @graphql-tools/url-loader > ws@atomist/skill > @graphql-codegen/cli > graphql-config > @graphql-tools/url-loader > wsFile changed:
package-lock.jsonatomist/npm-vulnerability-scanner-skill · Configure