Closed atomist[bot] closed 2 years ago
Thanks for your contribution!
This pull request has been automatically marked with stale because it has not had any activity in last 50 days. It will be closed in 7 days if no further activity occurs. To prevent closing, label with defer or blocked or any of the changelog: labels.
This pull request fixes security vulnerabilities open on 9ce10db but 1 moderate vulnerability remains open and needs manual review.
npm audit fix
updated the following npm dependencies:ansi-regex
5.0.0, 3.0.0 > 5.0.1Fixed vulnerabilities
Following security vulnerability is fixed:
ansi-regex
Inefficient Regular Expression Complexity in chalk/ansi-regex Upgrade to version 5.0.1 or later moderate ·
>2.1.1 <5.0.1
· CVE-2021-3807 · automatic fix availableansi-regex@5.0.0
· 8 vulnerable paths@atomist/skill > @atomist/skill-logging > @google-cloud/logging > google-gax > @grpc/proto-loader > yargs > cliui > string-width > strip-ansi > ansi-regex
@atomist/skill > @atomist/skill-logging > @google-cloud/logging > google-gax > @grpc/proto-loader > yargs > cliui > wrap-ansi > string-width > strip-ansi > ansi-regex
@atomist/skill > @google-cloud/pubsub > google-gax > @grpc/proto-loader > yargs > cliui > string-width > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > yargs > cliui > string-width > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > yargs > cliui > wrap-ansi > string-width > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/typescript-operations > @graphql-codegen/typescript > @graphql-codegen/visitor-plugin-common > @graphql-tools/relay-operation-optimizer > relay-compiler > yargs > cliui > wrap-ansi > string-width > strip-ansi > ansi-regex
@atomist/skill > yargs > cliui > string-width > strip-ansi > ansi-regex
@atomist/skill > yargs > string-width > strip-ansi > ansi-regex
ansi-regex@3.0.0
· 3 vulnerable paths@atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > listr > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex
Open vulnerabilities
Following security vulnerability remains open and needs manual review:
ansi-regex
Inefficient Regular Expression Complexity in chalk/ansi-regex Upgrade to version 5.0.1 or later moderate ·
>2.1.1 <5.0.1
· CVE-2021-3807 · automatic fix availableansi-regex@3.0.0
· 3 vulnerable paths@atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > listr-update-renderer > log-update > wrap-ansi > strip-ansi > ansi-regex
@atomist/skill > @graphql-codegen/cli > listr > listr-update-renderer > log-update > wrap-ansi > string-width > strip-ansi > ansi-regex
File changed:
package-lock.json
atomist/npm-vulnerability-scanner-skill · Configure