Closed MikeMcC399 closed 2 years ago
I plan to submit a PR to resolve this issue, unless the Open Source Team merges https://github.com/corona-warn-app/cwa-documentation/pull/875 (which solves the minimist issue, but not the markdown-link-check issue.)
Before submitting a new PR which affects package-lock.json I would wait for PR https://github.com/corona-warn-app/cwa-documentation/pull/896 to be merged, otherwise there will be a conflict.
@MikeMcC399 thanks for your offer to submit a PR. We would appreciate it. Your previous PR #896 has been merged.
@larswmh
thanks for your offer to submit a PR. We would appreciate it. Your previous PR #896 has been merged.
npm audit no longer shows any critical vulnerability.
8 vulnerabilities (2 low, 3 moderate, 3 high)
Problem description
Dependabot alert shows "Prototype Pollution in minimist" with severity "Critical" for cwa-documentation with resolution "minimist": ">=1.2.6"
Steps to reproduce the issue
Execute:
npm audit
Expected behavior
There should be no critical vulnerabilities flagged in the repository.
Possible Fix
markdown-link-check to version ~3.8.7. This avoids failures which occur in versions 3.9 and 3.10 when executing npm run checklinks
npm audit fix