search

sindresorhus / article-title

Extract the article title of a HTML document
MIT License
54 stars 7 forks source link

Update dependencies #7

Closed benjifs closed 2 years ago

benjifs commented 2 years ago

This PR updates cheerio to 1.0.0-rc.10 and xo to 0.47.0 and bumps this package to 4.0.1.

Also fix tests not running after updating dependencies. 

test.js:1:18
  ✖   1:18  Prefer node:path over path.  unicorn/prefer-node-protocol
  ✖   2:16  Prefer node:fs over fs.      unicorn/prefer-node-protocol

  index.js:20:17
  ✖  20:17  Missing trailing comma.      comma-dangle

The following is the output of npm audit

# npm audit report

css-what  4.0.0 - 5.0.0
Severity: high
Denial of service in css-what - https://github.com/advisories/GHSA-q8pj-2vqx-8ggc
fix available via `npm audit fix --force`
Will install cheerio@1.0.0-rc.10, which is outside the stated dependency range
node_modules/css-what
  cheerio-select-tmp  *
  Depends on vulnerable versions of css-what
  node_modules/cheerio-select-tmp
    cheerio  1.0.0-rc.1 - 1.0.0-rc.5
    Depends on vulnerable versions of cheerio-select-tmp
    node_modules/cheerio
  css-select  3.1.1 - 3.1.2
  Depends on vulnerable versions of css-what
  node_modules/css-select

glob-parent  <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install xo@0.47.0, which is a breaking change
node_modules/xo/node_modules/glob-parent
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/xo/node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/xo/node_modules/globby
      xo  0.20.0 - 0.41.0
      Depends on vulnerable versions of globby
      node_modules/xo

8 high severity vulnerabilities

Tested with node v12.22.7 and v17.2.0