Open jeffbski-rga opened 1 week ago
I overrode the sinon version to 18.0.0 in package.json to avoid the vulnerability, and all features that I use from aws-sdk-client-mock are still working.
To reproduce in your projects, add this to package.json:
```json
"overrides": {
  "sinon": "^18.0.0"
}
```
Thanks @mrRodrigo I also am doing so while waiting for this to land in master. I used a more specific override for this package.
```json
"overrides": {
  "aws-sdk-client-mock": {
    "sinon": "^18.0.1",
    "@types/sinon": "^17.0.3"
  }
},
```
You might merge in the PR #237 to resolve this
npm audit report
```
path-to-regexp 0.2.0 - 7.2.0
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
No fix available
node_modules/path-to-regexp
  nise <=6.0.0
  Depends on vulnerable versions of path-to-regexp
  node_modules/nise
    sinon 3.0.0 - 17.0.2
    Depends on vulnerable versions of nise
    node_modules/sinon
      aws-sdk-client-mock
      Depends on vulnerable versions of sinon
      node_modules/aws-sdk-client-mock
        aws-sdk-client-mock-jest
        Depends on vulnerable versions of aws-sdk-client-mock
        node_modules/aws-sdk-client-mock-jest
```
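To confirm that an override like the ones in this thread actually removed the flagged versions from the installed tree, the lockfile can be checked against the ranges in the audit report. This is an added example, not part of the original thread or the project's code; the lockfile contents are constructed samples and `findVulnerable` is a hypothetical helper name.

```javascript
// Vulnerable ranges as listed in the npm audit report on this page.
const VULNERABLE = {
  "path-to-regexp": ["0.2.0", "7.2.0"],
  nise: ["0.0.0", "6.0.0"], // report says "<=6.0.0"
  sinon: ["3.0.0", "17.0.2"],
};

// Compare two x.y.z versions numerically (prerelease tags are ignored).
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Hypothetical helper: scan the "packages" map of a lockfileVersion 2/3
// package-lock.json and return every installed copy, nested ones included,
// whose version falls inside a flagged range.
function findVulnerable(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1 || !meta.version) continue; // skip the root project entry
    const name = path.slice(idx + "node_modules/".length);
    const range = VULNERABLE[name];
    if (range && cmp(meta.version, range[0]) >= 0 && cmp(meta.version, range[1]) <= 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfiles (versions are illustrative, not from the thread).
const LOCK_BEFORE = { packages: {
  "": { name: "my-app" },
  "node_modules/aws-sdk-client-mock": { version: "4.0.1" },
  "node_modules/aws-sdk-client-mock/node_modules/sinon": { version: "16.1.3" },
  "node_modules/nise": { version: "5.1.9" },
  "node_modules/path-to-regexp": { version: "6.2.2" },
} };
const LOCK_AFTER = { packages: {
  "node_modules/aws-sdk-client-mock": { version: "4.0.1" },
  "node_modules/sinon": { version: "18.0.1" },
  "node_modules/nise": { version: "6.1.1" },
  "node_modules/path-to-regexp": { version: "8.1.0" },
} };
console.log(findVulnerable(LOCK_BEFORE), findVulnerable(LOCK_AFTER));
```

Against a real project, pass the parsed contents of `package-lock.json` after reinstalling with the override in place; an empty result means no installed copy falls in the reported ranges.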