Describe the bug
Snyk vulnerabilities scanner reports several issues
To Reproduce
Steps to reproduce the behavior:
Run Snyk CLI (snyk test in project folder) in a project using @starkware-industries/commons-js-libs@1.2.1 npm package
Expected behavior
No vulnerabilities found
Screenshots
Issues with no direct upgrade or patch:
✗ Insecure Credential Storage [Low Severity][https://security.snyk.io/vuln/SNYK-JS-WEB3-174533] in web3@1.8.1
introduced by @starkware-industries/commons-js-libs@1.2.1 > web3@1.8.1
No upgrade or patch available
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-WS-1296835] in ws@3.3.3
introduced by @starkware-industries/commons-js-libs@1.2.1 > web3@1.8.1 > web3-bzz@1.8.1 > swarm-js@0.1.42 > eth-lib@0.1.29 > ws@3.3.3
This issue was fixed in versions: 7.4.6, 6.2.2, 5.2.3
Additional context
First issue, the "Insecure Credential Storage" in @starkware-industries/commons-js-libs@1.2.1 sounds a bit concerning 🤔