npm audit failure since 3.1.2 on package "14"

bjowes / cypress-ntlm-auth

Windows authentication plugin for Cypress

MIT License

55 stars 10 forks source link

npm audit failure since 3.1.2 on package "14" #151

Closed Arjan321 closed 3 years ago

Arjan321 commented 3 years ago

Hi, in version 3.1.2 a dependency on package "14" was introduced that causes an (very old) npm audit failure:

 Low             Regular Expression Denial of Service
Package         clean-css
Patched in      >=4.1.11
Dependency of   cypress-ntlm-auth [dev]
Path            cypress-ntlm-auth > 14 > gulp-minify-css > clean-css
More info       https://npmjs.com/advisories/785

Given that both 14 and gulp-minify-css seem unmaintained, can this be fixed somehow in cypress-ntlm-auth?

bjowes commented 3 years ago

Thanks for reporting this. The package 14 must have been added by mistake, it’s not used by the plug-in. I’m preparing a patched release where I clean up unused dependencies.