You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a critical security vulnerability in vm2, a dependency of degenerator:
vm2 *
Severity: critical
vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-cchq-frgv-rjh5
fix available via `npm audit fix`
node_modules/vm2
degenerator 3.0.0 - 4.0.4
Depends on vulnerable versions of vm2
node_modules/snowflake-sdk/node_modules/degenerator
npm install message warns that this package should not be used:
npm WARN deprecated vm2@3.9.19: The library contains critical security issues and should not be used for production! The maintenance of the project has been discontinued. Consider migrating your code to isolated-vm.
There is also this issue with a notice from the maintainer: patriksimek/vm2#533
The text was updated successfully, but these errors were encountered:
There is a critical security vulnerability in
vm2, a dependency of degenerator:npm installmessage warns that this package should not be used:There is also this issue with a notice from the maintainer: patriksimek/vm2#533
The text was updated successfully, but these errors were encountered: