microsoft / ApplicationInsights-node.js

Microsoft Application Insights SDK for Node.js
MIT License

Security / Vulnerabilities listed by npm audit (current version, 2.7.0) #1165

Closed MassivDash closed 6 months ago

MassivDash commented 1 year ago

npm audit states that the current version uses "semver", which has DDoS vulns:

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install applicationinsights@1.0.8, which is a breaking change
node_modules/async-listener/node_modules/semver
node_modules/cls-hooked/node_modules/semver
node_modules/diagnostic-channel/node_modules/semver
node_modules/jsonwebtoken/node_modules/semver
node_modules/muhammara/node_modules/make-dir/node_modules/semver
node_modules/muhammara/node_modules/semver
  async-listener  >=0.6.4
  Depends on vulnerable versions of semver
  node_modules/async-listener
  cls-hooked  4.2.0 - 4.2.2
  Depends on vulnerable versions of semver
  node_modules/cls-hooked
  applicationinsights  >=0.20.0
  Depends on vulnerable versions of cls-hooked
  Depends on vulnerable versions of diagnostic-channel
  node_modules/applicationinsights

Any timetable to mitigate the problem?

langthiennhai commented 1 year ago

I also got the same error.

langthiennhai commented 1 year ago

While waiting for the patch, doing an npm override can solve the problem.

package.json:

{
  "overrides": {
    "semver": "7.5.3"
  }
}