Closed atomist[bot] closed 3 years ago
Pull request auto merged.

This pull request fixes 1 high security vulnerability open on c8d1eff but 1 moderate vulnerability remains open and needs manual review.

npm audit fix updated the following npm dependencies:
normalize-url: 4.5.0, 3.3.0 > 4.5.1
parse-url: 4.5.0, 3.3.0 > 5.0.3

Fixed vulnerabilities
The following security vulnerability is fixed:

normalize-url
Regular Expression Denial of Service · high · CVE-2021-33502 · automatic fix available
Upgrade to versions 4.5.1, 5.3.1, 6.0.1 or later
Vulnerable range: <4.5.1 || >=5.0.0 <5.3.1 || >=6.0.0 <6.0.1
normalize-url@4.5.0 · 1 vulnerable path
  @atomist/skill > @graphql-codegen/cli > latest-version > package-json > got > cacheable-request > normalize-url
normalize-url@3.3.0 · 2 vulnerable paths
  @atomist/skill > git-url-parse > git-up > parse-url > normalize-url
  git-url-parse > git-up > parse-url > normalize-url

Open vulnerabilities
The following security vulnerability remains open and needs manual review:

ws
Regular Expression Denial of Service · moderate · CVE-2021-32640 · automatic fix available
Upgrade to version 6.2.2 or 7.4.6 or later
Vulnerable range: >=5.0.0 <6.2.2 || >=7.0.0 <7.4.6
ws@7.4.5 · 3 vulnerable paths
  @atomist/skill > @graphql-codegen/cli > @graphql-tools/prisma-loader > @graphql-tools/url-loader > ws
  @atomist/skill > @graphql-codegen/cli > @graphql-tools/url-loader > ws
  @atomist/skill > @graphql-codegen/cli > graphql-config > @graphql-tools/url-loader > ws

File changed:
package-lock.json

atomist/npm-vulnerability-scanner-skill