jsonresume / jsonresume-theme-modern

Prototyping a theming system based off NPM.
https://themes.jsonresume.org/theme/modern
MIT License

[DepShield] (CVSS 7.5) Vulnerability due to usage of socket.io-parser:3.3.2 #21

Closed sonatype-depshield[bot] closed 3 years ago

sonatype-depshield[bot] commented 3 years ago

Vulnerabilities

DepShield reports that this application's usage of socket.io-parser:3.3.2 results in the following vulnerability(s):


Occurrences

socket.io-parser:3.3.2 is a transitive dependency introduced by the following direct dependency(s):

resume-cli:3.0.5
└─ browser-sync:2.27.4
   └─ browser-sync-ui:2.27.4
      └─ socket.io-client:2.4.0
         └─ socket.io-parser:3.3.2

This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.

SethFalco commented 3 years ago

Just closing all vulnerability issues except one, since ultimately the issue lies in resume-cli.