Summary
Updated snyk ignore files

Problem statement
npx snyk test is throwing the following error:

Issues with no direct upgrade or patch:
✗ Uncontrolled resource consumption [High Severity][https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727] in braces@2.3.2
introduced by @uswds/compile@1.1.0 > del@6.1.1 > globby@11.1.0 > fast-glob@3.3.2 > micromatch@4.0.5 > braces@3.0.2 and 7 other path(s)
No upgrade or patch available
✗ Inefficient Regular Expression Complexity [High Severity][https://security.snyk.io/vuln/SNYK-JS-MICROMATCH-6838728] in micromatch@3.1.10
introduced by @uswds/compile@1.1.0 > del@6.1.1 > globby@11.1.0 > fast-glob@3.3.2 > micromatch@4.0.5 and 6 other path(s)
No upgrade or patch available

Solution
Updated snyk ignore. Ran the following in the command line:
npx snyk ignore --id="SNYK-JS-BRACES-6838727" --reason="No available upgrade or patch"
npx snyk ignore --id="SNYK-JS-MICROMATCH-6838728" --reason="No available upgrade or patch"

To keep all snyk ignores on the same schedule, I also ran the following:
npx snyk ignore --id="SNYK-JS-UNSETVALUE-2400660" --reason="No available upgrade or patch"
npx snyk ignore --id="SNYK-JS-ANSIREGEX-1583908" --reason="No available upgrade or patch"
npx snyk ignore --id="SNYK-JS-INFLIGHT-6095116" --reason="No available upgrade or patch"

Testing and review
To test, run npx snyk test and check for errors.

Reference
Ignoring Snyk alerts (Google docs :lock:)
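
The snyk ignore commands above write each ignore into the project's .snyk policy file with an expiry date (30 days out unless --expiry is given), so the ignores lapse and the findings return unless they are renewed together. The following is an added example, not code from this pull request or from Snyk: a dependency-free Node.js check that lists expired or never-expiring ignores and reports whether all entries expire on the same day. The policy text, its dates and the function names parseIgnores and auditIgnores are constructed for illustration, and the file layout shown is an assumption about what the CLI writes.

```javascript
// Added example, not from the PR. SAMPLE_POLICY is constructed: the layout is the
// assumed .snyk format and the dates are made up.
const SAMPLE_POLICY = `
version: v1.25.0
ignore:
  SNYK-JS-BRACES-6838727:
    - '*':
        reason: No available upgrade or patch
        expires: 2024-06-20T15:00:00.000Z
  SNYK-JS-MICROMATCH-6838728:
    - '*':
        reason: No available upgrade or patch
        expires: 2024-06-20T15:00:05.000Z
  SNYK-JS-INFLIGHT-6095116:
    - '*':
        reason: No available upgrade or patch
        expires: 2024-05-02T09:30:00.000Z
patch: {}
`;

// Minimal line parser for the "ignore:" section only, not a general YAML parser.
function parseIgnores(policyText) {
  const entries = [];
  let inIgnore = false, current = null;
  for (const line of policyText.split(/\r?\n/)) {
    // Any unindented line starts a new top-level key (or is a comment).
    if (/^\S/.test(line)) { inIgnore = line.startsWith('ignore:'); continue; }
    if (!inIgnore) continue;
    const id = line.match(/^ {2}['"]?([^\s'":]+)['"]?:\s*$/);
    if (id) { current = { id: id[1], reason: null, expires: null }; entries.push(current); continue; }
    const kv = line.match(/^\s+(reason|expires):\s*(.*)$/);
    if (kv && current) current[kv[1]] = kv[2].trim().replace(/^['"]|['"]$/g, '');
  }
  return entries;
}

// Flag ignores that have lapsed or never lapse, and check for a shared expiry day.
function auditIgnores(policyText, now) {
  const entries = parseIgnores(policyText);
  const dated = entries.filter(e => e.expires);
  const noExpiry = entries.filter(e => !e.expires).map(e => e.id);
  const expired = dated.filter(e => new Date(e.expires) <= now).map(e => e.id);
  const expiryDays = [...new Set(dated.map(e => e.expires.slice(0, 10)))].sort();
  return { total: entries.length, noExpiry, expired, expiryDays, sameSchedule: expiryDays.length <= 1 };
}

console.log(auditIgnores(SAMPLE_POLICY, new Date('2024-05-22T00:00:00Z')));
```

To run it against a real project, read the .snyk file with fs.readFileSync and pass new Date() as the second argument.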