yuchangyuan / node-red-contrib-roomba980-fw2

Roomba 980(v2 firmware) support for nodered
Apache License 2.0

npm audit -> Please update dependency #8

Open Mannshoch opened 1 year ago

Mannshoch commented 1 year ago

@yuchangyuan

I still use your node red add-on for my Roomba. Thanks for that!

On my last update of node red I did an npm audit and received the following error message:

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
No fix available
node_modules/glob-parent
  glob-stream  5.3.0 - 6.1.0
  Depends on vulnerable versions of glob-parent
  node_modules/glob-stream
    help-me  1.0.0 - 1.1.0
    Depends on vulnerable versions of glob-stream
    node_modules/help-me
      mqtt  1.14.1 - 4.2.6
      Depends on vulnerable versions of help-me
      node_modules/mqtt
        dorita980  >=1.0.1
        Depends on vulnerable versions of mqtt
        Depends on vulnerable versions of request
        Depends on vulnerable versions of request-promise
        node_modules/dorita980
          node-red-contrib-roomba980-fw2  *
          Depends on vulnerable versions of dorita980
          node_modules/node-red-contrib-roomba980-fw2

Could you please update your add-on - if possible?

yuchangyuan commented 1 year ago

I am quite unfamiliar with npm and JavaScript, but I think this vulnerability is caused by "dorita980", which I can do nothing about.

Mannshoch commented 1 year ago

Do you mean https://github.com/koalazak/dorita980 from @koalazak?

yuchangyuan commented 1 year ago

Do you mean https://github.com/koalazak/dorita980 from @koalazak?

yes
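
The dependency chain in the audit report quoted in this issue can be read mechanically. The following is an added example (not part of the thread or of the project's code) that parses the `npm audit` text and reports the first package in the chain whose flagged range has no upper bound; the function names are illustrative.

```javascript
// Added example: reads the dependency chain out of `npm audit` text output.
// AUDIT is abridged from the report quoted in the issue.
const AUDIT = `
glob-parent  <5.1.2
Severity: high
No fix available
node_modules/glob-parent
  glob-stream  5.3.0 - 6.1.0
  Depends on vulnerable versions of glob-parent
    help-me  1.0.0 - 1.1.0
    Depends on vulnerable versions of glob-stream
      mqtt  1.14.1 - 4.2.6
      Depends on vulnerable versions of help-me
        dorita980  >=1.0.1
        Depends on vulnerable versions of mqtt
          node-red-contrib-roomba980-fw2  *
          Depends on vulnerable versions of dorita980
`;

// A package line is "<indent><name><two or more spaces><flagged range>".
const PKG_LINE = /^(\s*)(@?[\w./-]+) {2,}(\S.*)$/;

function parseAuditChain(text) {
  const chain = [];
  for (const line of text.split('\n')) {
    const m = PKG_LINE.exec(line);
    if (m) chain.push({ depth: m[1].length / 2, name: m[2], range: m[3].trim() });
  }
  return chain; // ordered from the vulnerable package up to the top-level one
}

// A flagged range with no upper bound ("*", ">=x") means no release above the
// lower bound is reported clean, so dependents cannot upgrade past the finding.
function hasNoUpperBound(range) {
  return range === '*' || /^>=?\s*\d[\w.-]*$/.test(range);
}

function firstWithoutFixedRelease(chain) {
  return chain.find((p) => hasNoUpperBound(p.range)) || null;
}

const chain = parseAuditChain(AUDIT);
console.log(chain.map((p) => `${p.name} (${p.range})`).join(' <- '));
console.log('blocked at:', firstWithoutFixedRelease(chain).name);
```

On this report it names dorita980: the flagged range for mqtt ends at 4.2.6, while dorita980 is flagged for every version from 1.0.1 up.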