nuxt-modules / algolia

🔎 Algolia module for Nuxt
https://algolia.nuxtjs.org/
MIT License

High severity dependency vulnerability #138

Closed iotron closed 1 year ago

iotron commented 1 year ago

Version

@nuxtjs/algolia: v1.5.0 nuxt: v3.2.0

Steps to reproduce

Install nuxtjs/algolia and run npm audit

What is actually happening?

# npm audit report

cacheable-request  <10.2.7
Severity: high
cacheable-request depends on http-cache-semantics, which is vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-8x6c-cv3v-vp6g
fix available via `npm audit fix --force`
Will install @nuxtjs/algolia@0.0.0, which is a breaking change
node_modules/cacheable-request
  got  8.0.0 - 12.4.1
  Depends on vulnerable versions of cacheable-request
  node_modules/got
    metadata-scraper  *
    Depends on vulnerable versions of got
    node_modules/metadata-scraper
      @nuxtjs/algolia  >=0.7.0

Baroshem commented 1 year ago

Hey,

Thanks for reporting this issue!

I am not sure if it can be fixed, however, as this dependency is actually used in another dependency that my module uses, which is caching from Algolia. I will check it out.

Baroshem commented 1 year ago

Closing as it is related to an external dependency.
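
A triage sketch for the audit report quoted in the issue, added here as an example and not code from the @nuxtjs/algolia project: it walks the `via` links of `npm audit --json` output from each direct dependency down to the advisory and records what `npm audit fix --force` would install. The `report` object is a constructed sample that mirrors the values in the issue, and `chainsFrom` and `triage` are hypothetical helper names.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// reduced to the fields used here; values mirror the report quoted in the issue.
const report = {
  vulnerabilities: {
    'cacheable-request': { name: 'cacheable-request', severity: 'high', isDirect: false,
      range: '<10.2.7', effects: ['got'],
      via: [{ title: 'Regular Expression Denial of Service',
              url: 'https://github.com/advisories/GHSA-8x6c-cv3v-vp6g' }] },
    got: { name: 'got', severity: 'high', isDirect: false,
      range: '8.0.0 - 12.4.1', effects: ['metadata-scraper'], via: ['cacheable-request'] },
    'metadata-scraper': { name: 'metadata-scraper', severity: 'high', isDirect: false,
      range: '*', effects: ['@nuxtjs/algolia'], via: ['got'] },
    '@nuxtjs/algolia': { name: '@nuxtjs/algolia', severity: 'high', isDirect: true,
      range: '>=0.7.0', effects: [], via: ['metadata-scraper'],
      fixAvailable: { name: '@nuxtjs/algolia', version: '0.0.0', isSemVerMajor: true } },
  },
};

// Follow `via` from a package down to the advisory. String entries name another
// vulnerable package; object entries are the advisory itself.
function chainsFrom(vulns, name, path = []) {
  if (path.includes(name) || !vulns[name]) return []; // cycle or missing node
  const here = [...path, name];
  return vulns[name].via.flatMap((v) =>
    typeof v === 'string' ? chainsFrom(vulns, v, here)
                          : [{ chain: here, advisory: v.url }]);
}

// One row per direct dependency: how it reaches the advisory and what
// `npm audit fix --force` would install.
function triage(report) {
  const vulns = report.vulnerabilities;
  return Object.values(vulns).filter((v) => v.isDirect).flatMap((v) => {
    const fix = v.fixAvailable;
    return chainsFrom(vulns, v.name).map(({ chain, advisory }) => ({
      direct: v.name,
      chain: chain.join(' > '),
      advisory,
      transitive: chain.length > 1,
      forcedInstall: fix && typeof fix === 'object' ? `${fix.name}@${fix.version}` : null,
      breaking: Boolean(fix && fix.isSemVerMajor),
    }));
  });
}

console.log(triage(report));
```

A row with `transitive: true` and `breaking: true`, as here, marks a finding that has to be resolved in the upstream package rather than by accepting the forced install.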