Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

bump vow dependency for security fix #62

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

bump vow dependency for security fix #62

wants to merge 1 commit into from

Conversation

fw42
Copy link

@fw42 fw42 commented Jan 14, 2025

Before:

$ npm audit
# npm audit report

diff  <3.5.0
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-h6ch-v84p-w6p9
fix available via `npm audit fix`
node_modules/diff
  vows  0.6.4 - 0.8.2 || 0.9.0-rc1 - 0.9.0-rc3
  Depends on vulnerable versions of diff
  node_modules/vows

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

After:

$ npm audit
found 0 vulnerabilities

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@fw42