vite-pwa / astro

Zero-config PWA Integration for Astro
https://vite-pwa-org.netlify.app/frameworks/astro
MIT License
198 stars 8 forks

npm audit report vulnerability of a dependency #39

Closed kaushalyap closed 8 months ago

kaushalyap commented 8 months ago
```
❯ npm audit
# npm audit report

trim  <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
No fix available
node_modules/trim
  mdast-util-to-hast  <=6.0.2
  Depends on vulnerable versions of trim
  node_modules/decap-cms-widget-markdown/node_modules/mdast-util-to-hast
    remark-rehype  <=5.0.0
    Depends on vulnerable versions of mdast-util-to-hast
    node_modules/decap-cms-widget-markdown/node_modules/remark-rehype
  remark-parse  <=8.0.3
  Depends on vulnerable versions of trim
  node_modules/decap-cms-widget-markdown/node_modules/remark-parse
    decap-cms-widget-markdown  *
    Depends on vulnerable versions of remark-parse
    Depends on vulnerable versions of remark-rehype
    node_modules/decap-cms-widget-markdown
      decap-cms-app  *
      Depends on vulnerable versions of decap-cms-widget-markdown
      node_modules/decap-cms-app
```

While this may not be a bigger issue as a dev dependency, it is worth noting.

userquin commented 8 months ago

This repo doesn't use any CMS and/or markdown dependency.

kaushalyap commented 8 months ago

@userquin Sorry, my mistake, I'll close.
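A triage check for reports like the one in this thread, as an added example that is not part of the original issue or of the vite-pwa project: it reads the "Depends on vulnerable versions of" lines of the pasted `npm audit` text and reports which package at the top of the chain pulls in `trim`, so the finding can be routed to the right repository. The function names are hypothetical, and the parser assumes the text layout shown in the report above.

```javascript
// Added example, not from the issue thread. REPORT excerpts the pasted
// `npm audit` text (advisory and node_modules path lines omitted).
const REPORT = `
trim  <0.0.3
Severity: high
  mdast-util-to-hast  <=6.0.2
  Depends on vulnerable versions of trim
    remark-rehype  <=5.0.0
    Depends on vulnerable versions of mdast-util-to-hast
  remark-parse  <=8.0.3
  Depends on vulnerable versions of trim
    decap-cms-widget-markdown  *
    Depends on vulnerable versions of remark-parse
    Depends on vulnerable versions of remark-rehype
      decap-cms-app  *
      Depends on vulnerable versions of decap-cms-widget-markdown
`;

// Map each reported package to the vulnerable packages it depends on.
function parseAuditText(text) {
  const pkgs = new Map();
  let current = null;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    const dep = /^Depends on vulnerable versions of (\S+)$/.exec(line);
    const head = /^(\S+) {2,}(\S.*)$/.exec(line); // "name  range": two spaces
    if (dep && current) pkgs.get(current).push(dep[1]);
    else if (head) pkgs.set((current = head[1]), []);
  }
  return pkgs;
}

// Packages no other reported package depends on sit nearest the project itself.
function entryPoints(pkgs) {
  const depended = new Set([...pkgs.values()].flat());
  return [...pkgs.keys()].filter((name) => !depended.has(name));
}

// Every dependency chain from `name` down to the vulnerable leaf package.
function chains(pkgs, name, seen = []) {
  if (seen.includes(name)) return []; // guard against cycles
  const path = [...seen, name];
  const deps = pkgs.get(name) || [];
  if (deps.length === 0) return [path.join(' > ')];
  return deps.flatMap((d) => chains(pkgs, d, path));
}

const pkgs = parseAuditText(REPORT);
for (const root of entryPoints(pkgs)) console.log(chains(pkgs, root).join('\n'));
```

For this report the only entry point is `decap-cms-app`, and both chains to `trim` pass through `decap-cms-widget-markdown`.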