iaincollins / structured-data-testing-tool

A library and command line tool to help inspect and test for Structured Data.
https://www.npmjs.com/package/structured-data-testing-tool
ISC License

Fix npm critical security issues #48

Open ignaciocarre opened 11 months ago

ignaciocarre commented 11 months ago

Summary

Upgrade dependencies with critical npm security warnings

Detail

After running npm audit we found that sdtt was having 1 critical notice:

# npm audit report

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
No fix available
node_modules/web-auto-extractor/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/web-auto-extractor/node_modules/css-select
    cheerio  0.19.0 - 1.0.0-rc.3
    Depends on vulnerable versions of css-select
    node_modules/web-auto-extractor/node_modules/cheerio
      web-auto-extractor  *
      Depends on vulnerable versions of cheerio
      node_modules/web-auto-extractor
        structured-data-testing-tool  *
        Depends on vulnerable versions of web-auto-extractor
        node_modules/structured-data-testing-tool

Checklist

If you would like your code to be merged into master and released, please complete this checklist and raise a Pull Request.

iaincollins commented 11 months ago

Thanks for raising this, I'll test it and if it all seems fine merge it and get it published later today (good reminder that I should really automate the pipeline…)

ignaciocarre commented 11 months ago

Great, @iaincollins! I did run all the tests in my local env, all passing here. Automation sounds even better, having all those greens on this PR would be a relief 😅

Hope you can merge it asap, thanks!