atomist[bot]
commented
3 years ago Pull request auto merged:
- No reviews
- 1 successful check
Closed atomist[bot] closed 3 years ago
atomist[bot]
commented
3 years ago Pull request auto merged:
This pull request fixes 1 high security vulnerability open on 751406a but 1 moderate vulnerability remains open and needs manual review.
npm audit fixupdated the following npm dependencies:normalize-url4.5.0, 3.3.0 > 4.5.1parse-url4.5.0, 3.3.0 > 5.0.3Fixed vulnerabilities
Following security vulnerability is fixed:
normalize-url
Regular Expression Denial of Service Upgrade to versions 4.5.1, 5.3.1, 6.0.1 or later high ·
<4.5.1 || >=5.0.0 <5.3.1 || >=6.0.0 <6.0.1· CVE-2021-33502 · automatic fix availablenormalize-url@4.5.0· 1 vulnerable path@atomist/skill > @graphql-codegen/cli > latest-version > package-json > got > cacheable-request > normalize-urlnormalize-url@3.3.0· 1 vulnerable path@atomist/skill > git-url-parse > git-up > parse-url > normalize-urlOpen vulnerabilities
Following security vulnerability remains open and needs manual review:
ws
Regular Expression Denial of Service Upgrade to version 6.2.2 or 7.4.6 or later moderate ·
>=5.0.0 <6.2.2 || >=7.0.0 <7.4.6· CVE-2021-32640 · automatic fix availablews@7.4.5· 3 vulnerable paths@atomist/skill > @graphql-codegen/cli > @graphql-tools/prisma-loader > @graphql-tools/url-loader > ws@atomist/skill > @graphql-codegen/cli > @graphql-tools/url-loader > ws@atomist/skill > @graphql-codegen/cli > graphql-config > @graphql-tools/url-loader > wsFile changed:
package-lock.jsonatomist/npm-vulnerability-scanner-skill · Configure