Closed atomist[bot] closed 3 years ago
This pull request fixes security vulnerabilities open on 6f8e0d8 but 1 critical and 2 moderate vulnerabilities remain open and need manual review.
npm audit fix updated the following npm dependencies:
npm audit fix
ansi-regex
Following security vulnerability is fixed:
Inefficient Regular Expression Complexity in chalk/ansi-regex Upgrade to version 6.0.1 or later moderate · >=6.0.0 <6.0.1 · CVE-2021-3807 · automatic fix available
>=6.0.0 <6.0.1
ansi-regex@6.0.0
@atomist/skill > strip-ansi > ansi-regex
Following security vulnerabilities remain open and need manual review:
Arbitrary code execution in lodash None critical · <=4.17.21 · CVE-2021-41720 · automatic fix available
<=4.17.21
lodash@4.17.21
@atomist/skill > @graphql-codegen/cli > @graphql-codegen/core > @graphql-codegen/plugin-helpers > lodash
@atomist/skill > @graphql-codegen/cli > @graphql-codegen/plugin-helpers > lodash
@atomist/skill > @graphql-codegen/cli > @graphql-tools/code-file-loader > @graphql-tools/graphql-tag-pluck > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash
@atomist/skill > @graphql-codegen/cli > @graphql-tools/git-loader > @graphql-tools/graphql-tag-pluck > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash
@atomist/skill > @graphql-codegen/cli > @graphql-tools/github-loader > @graphql-tools/graphql-tag-pluck > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash
@atomist/skill > @graphql-codegen/typescript-operations > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash
@atomist/skill > @graphql-codegen/typescript-operations > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash
@atomist/skill > @graphql-codegen/typescript-operations > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash
@atomist/skill > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash
@atomist/skill > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash
Inefficient Regular Expression Complexity in chalk/ansi-regex Upgrade to version 5.0.1 or later moderate · >2.1.1 <5.0.1 · CVE-2021-3807 · automatic fix available
>2.1.1 <5.0.1
ansi-regex@3.0.0
@atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > listr > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > listr > listr-update-renderer > log-update > wrap-ansi > strip-ansi > ansi-regex
File changed:
package-lock.json
atomist/npm-vulnerability-scanner-skill · Configure
This pull request fixes security vulnerabilities open on 6f8e0d8 but 1 critical and 2 moderate vulnerabilities remain open and need manual review.
npm audit fixupdated the following npm dependencies:ansi-regex6.0.0 > 6.0.1Fixed vulnerabilities
Following security vulnerability is fixed:
ansi-regex
Inefficient Regular Expression Complexity in chalk/ansi-regex Upgrade to version 6.0.1 or later moderate ·
>=6.0.0 <6.0.1· CVE-2021-3807 · automatic fix availableansi-regex@6.0.0· 1 vulnerable path@atomist/skill > strip-ansi > ansi-regexOpen vulnerabilities
Following security vulnerabilities remain open and need manual review:
lodash
Arbitrary code execution in lodash None critical ·
<=4.17.21· CVE-2021-41720 · automatic fix availablelodash@4.17.21· 10 vulnerable paths@atomist/skill > @graphql-codegen/cli > @graphql-codegen/core > @graphql-codegen/plugin-helpers > lodash@atomist/skill > @graphql-codegen/cli > @graphql-codegen/plugin-helpers > lodash@atomist/skill > @graphql-codegen/cli > @graphql-tools/code-file-loader > @graphql-tools/graphql-tag-pluck > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash@atomist/skill > @graphql-codegen/cli > @graphql-tools/git-loader > @graphql-tools/graphql-tag-pluck > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash@atomist/skill > @graphql-codegen/cli > @graphql-tools/github-loader > @graphql-tools/graphql-tag-pluck > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash@atomist/skill > @graphql-codegen/typescript-operations > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash@atomist/skill > @graphql-codegen/typescript-operations > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash@atomist/skill > @graphql-codegen/typescript-operations > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash@atomist/skill > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash@atomist/skill > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodashansi-regex
Inefficient Regular Expression Complexity in chalk/ansi-regex Upgrade to version 5.0.1 or later moderate ·
>2.1.1 <5.0.1· CVE-2021-3807 · automatic fix availableansi-regex@3.0.0· 4 vulnerable paths@atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex@atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > strip-ansi > ansi-regex@atomist/skill > @graphql-codegen/cli > listr > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex@atomist/skill > @graphql-codegen/cli > listr > listr-update-renderer > log-update > wrap-ansi > strip-ansi > ansi-regexInefficient Regular Expression Complexity in chalk/ansi-regex Upgrade to version 6.0.1 or later moderate ·
>=6.0.0 <6.0.1· CVE-2021-3807 · automatic fix availableansi-regex@6.0.0· 1 vulnerable path@atomist/skill > strip-ansi > ansi-regexFile changed:
package-lock.jsonatomist/npm-vulnerability-scanner-skill · Configure