This project looks exactly like what I've been looking for and looks pretty high-quality too, with tests and all. 🙌
Thanks for the great work @berenddeboer. ❤️
When installing though, I discovered there are a few packages used which have known vulnerabilities. It'd be fantastic to get a new version released with those issues fixed. 🙏
Output of `npm audit`:
```
# npm audit report

fast-xml-parser <=4.2.3
Severity: high
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name - https://github.com/advisories/GHSA-x3cc-x39p-42qx
fast-xml-parser vulnerable to Regex Injection via Doctype Entities - https://github.com/advisories/GHSA-6w63-h3fj-q4vw
No fix available
node_modules/cdk-rds-sql/node_modules/fast-xml-parser
  @aws-sdk/client-sts <=3.54.1 || 3.55.0 - 3.186.0 || 3.188.0 - 3.272.0
  Depends on vulnerable versions of fast-xml-parser
  node_modules/cdk-rds-sql/node_modules/@aws-sdk/client-sts
    @aws-sdk/client-secrets-manager 3.12.0 - 3.272.0
    Depends on vulnerable versions of @aws-sdk/client-sts
    node_modules/cdk-rds-sql/node_modules/@aws-sdk/client-secrets-manager
      cdk-rds-sql *
      Depends on vulnerable versions of @aws-sdk/client-secrets-manager
      node_modules/cdk-rds-sql

xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix`
node_modules/cdk-rds-sql/node_modules/xml2js
  aws-sdk <=2.1353.0
  Depends on vulnerable versions of xml2js
  node_modules/cdk-rds-sql/node_modules/aws-sdk

6 vulnerabilities (2 moderate, 4 high)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.
```
In case you haven't done so, maybe enabling "Dependabot security updates" in the repository settings can help make maintenance easier for you. 🎛️
Heya. 👋🙂
Greetings from Berlin. 👋
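Added example, not part of the original issue or of the cdk-rds-sql project: a Node.js sketch that groups an `npm audit --json` report by root cause, showing that the six findings above trace back to two packages with advisories of their own. The `report` object is constructed to mirror the text report in this issue and assumes the npm 7+ JSON layout (`auditReportVersion: 2`), trimmed to the fields used; `rootCauses` and `dependent` are hypothetical helper names.

```javascript
// Helper for constructed entries that are flagged only through a dependency.
const dependent = (severity, fixAvailable, via, effects) =>
  ({ severity, fixAvailable, via: [via], effects });

// Constructed sample mirroring the issue's report, in the assumed
// `npm audit --json` (auditReportVersion 2) shape, trimmed to the fields used.
const report = {
  auditReportVersion: 2,
  vulnerabilities: {
    "fast-xml-parser": {
      severity: "high", fixAvailable: false, effects: ["@aws-sdk/client-sts"],
      via: [{ url: "https://github.com/advisories/GHSA-x3cc-x39p-42qx" },
            { url: "https://github.com/advisories/GHSA-6w63-h3fj-q4vw" }],
    },
    "@aws-sdk/client-sts": dependent("high", false, "fast-xml-parser",
      ["@aws-sdk/client-secrets-manager"]),
    "@aws-sdk/client-secrets-manager": dependent("high", false,
      "@aws-sdk/client-sts", ["cdk-rds-sql"]),
    "cdk-rds-sql": dependent("high", false, "@aws-sdk/client-secrets-manager", []),
    "xml2js": {
      severity: "moderate", fixAvailable: true, effects: ["aws-sdk"],
      via: [{ url: "https://github.com/advisories/GHSA-776f-qx25-q3cc" }],
    },
    "aws-sdk": dependent("moderate", true, "xml2js", []),
  },
};

// A root cause has at least one advisory object in `via`; plain strings in
// `via` only name another vulnerable package that it depends on.
function rootCauses(rep) {
  const vulns = rep.vulnerabilities;
  const roots = [];
  for (const [name, v] of Object.entries(vulns)) {
    const advisories = v.via.filter((x) => typeof x === "object").map((x) => x.url);
    if (advisories.length === 0) continue;
    // Follow `effects` transitively to list everything flagged because of `name`.
    const affected = [];
    const queue = [...v.effects];
    while (queue.length > 0) {
      const dep = queue.shift();
      if (affected.includes(dep) || !vulns[dep]) continue;
      affected.push(dep);
      queue.push(...vulns[dep].effects);
    }
    roots.push({ name, severity: v.severity, fixAvailable: v.fixAvailable, advisories, affected });
  }
  return roots;
}

console.log(JSON.stringify(rootCauses(report), null, 2));
```
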