grpc / grpc-node

gRPC for Node.js
https://grpc.io
Apache License 2.0
4.48k stars 648 forks source link

Snyk.io vulnerable package ansi-regex #2321

Open sandipdhagdi opened 1 year ago

sandipdhagdi commented 1 year ago

Problem description

Facing sca issue in below path. Could you please update this. grpc-tools@1.12.3 > @mapbox/node-pre-gyp@1.0.5 > npmlog@4.1.2 > gauge@2.7.4 > strip-ansi@3.0.1 > ansi-regex@2.1.1

Environment

Currently I am using Node-16

shaileshct09021 commented 1 year ago

I'm also blocked on this issue. Can someone please look into this?

murgatroid99 commented 1 year ago

grpc-tools depends on @mapbox/node-pre-gyp with the version range ^1.0.5. It should pick up the new version automatically.

sandipdhagdi commented 1 year ago

Ohh Sorry but I didnt understood your comment @mur

grpc-tools depends on @mapbox/node-pre-gyp with the version range ^1.0.5. It should pick up the new version automatically.

Ohh, Sorry but I dint understood your comment. I checked in package-lock.json it it showing the dependency on this package ansi-regex@2.1.1. Any clue how can I resolve this.

murgatroid99 commented 1 year ago

Please try running npm audit fix.