Npm audit states that the current version uses "semver" that has DDOS vulns
semver <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via npm audit fix --force
Will install applicationinsights@1.0.8, which is a breaking change
node_modules/async-listener/node_modules/semver
node_modules/cls-hooked/node_modules/semver
node_modules/diagnostic-channel/node_modules/semver
node_modules/jsonwebtoken/node_modules/semver
node_modules/muhammara/node_modules/make-dir/node_modules/semver
node_modules/muhammara/node_modules/semver
async-listener >=0.6.4
Depends on vulnerable versions of semver
node_modules/async-listener
cls-hooked 4.2.0 - 4.2.2
Depends on vulnerable versions of semver
node_modules/cls-hooked
applicationinsights >=0.20.0
Depends on vulnerable versions of cls-hooked
Depends on vulnerable versions of diagnostic-channel
node_modules/applicationinsights
Npm audit states that the current version uses "semver" that has DDOS vulns
semver <7.5.2 Severity: moderate semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw fix available via
npm audit fix --force
Will install applicationinsights@1.0.8, which is a breaking change node_modules/async-listener/node_modules/semver node_modules/cls-hooked/node_modules/semver node_modules/diagnostic-channel/node_modules/semver node_modules/jsonwebtoken/node_modules/semver node_modules/muhammara/node_modules/make-dir/node_modules/semver node_modules/muhammara/node_modules/semver async-listener >=0.6.4 Depends on vulnerable versions of semver node_modules/async-listener cls-hooked 4.2.0 - 4.2.2 Depends on vulnerable versions of semver node_modules/cls-hooked applicationinsights >=0.20.0 Depends on vulnerable versions of cls-hooked Depends on vulnerable versions of diagnostic-channel node_modules/applicationinsightsAny timetable to mitigate the problem ?