Closed AO-91 closed 1 year ago
When I follow https://tableau.github.io/extensions-api/docs/trex_getstarted.html and install I get vulnerability warnings:
```
# npm audit report

ejs <3.1.7
Severity: critical
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
No fix available
node_modules/ejs
  @tableau/tabextsandbox *
  Depends on vulnerable versions of ejs
  Depends on vulnerable versions of optimist
  node_modules/@tableau/tabextsandbox

minimist <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix`
node_modules/@tableau/tabextsandbox/node_modules/minimist
  optimist >=0.6.0
  Depends on vulnerable versions of minimist
  node_modules/@tableau/tabextsandbox/node_modules/optimist

4 vulnerabilities (1 moderate, 3 critical)
```
The fix using npm audit doesn't work. It seems like npm minimist is using version 0.0.1.
```
+-- @tableau/tabextsandbox@1.9.0
| `-- optimist@0.6.1
|   `-- minimist@0.0.10
```
Just wanted to bring it to your attention. If this is something that I can fix on my end then any advice is much appreciated!
Thank you for bringing this to our attention. We will get the dependencies updated. John
Fixed in version 1.10.0. Thank you.
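An added example (not part of the original thread or of Tableau's code): given a dependency tree in the shape of `npm ls --all --json` output, it lists every installed copy of a package below a given version together with the chain of parents that pulls it in. The sample tree is constructed from the versions quoted in this issue; the project name `my-extension` and the function names are hypothetical.

```javascript
// Constructed sample in the shape of `npm ls --all --json` output, using the
// package versions reported in this issue. The project name is hypothetical.
const sampleTree = {
  name: "my-extension",
  dependencies: {
    "@tableau/tabextsandbox": {
      version: "1.9.0",
      dependencies: {
        optimist: {
          version: "0.6.1",
          dependencies: { minimist: { version: "0.0.10" } },
        },
      },
    },
  },
};

// Compare two plain x.y.z versions numerically (no pre-release handling).
// Numeric comparison matters here: as strings, "0.0.10" sorts before "0.0.9".
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the tree and return every installed copy of `pkg` older than
// `firstFixed`, with the chain of parents that pulls it in.
function findVulnerablePaths(tree, pkg, firstFixed) {
  const hits = [];
  const walk = (node, path) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const here = [...path, `${name}@${dep.version}`];
      if (name === pkg && dep.version && compareVersions(dep.version, firstFixed) < 0) {
        hits.push(here.join(" > "));
      }
      walk(dep, here);
    }
  };
  walk(tree, []);
  return hits;
}

// The audit report gives the affected range as minimist <=1.2.5, so 1.2.6 is
// used here as the first version outside that range.
console.log(findVulnerablePaths(sampleTree, "minimist", "1.2.6"));
```

Every entry in the result names the direct dependency at the head of the chain, which is the package that has to ship an update when the vulnerable copy is nested, as it was here.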