You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
snyk scans are reporting that @grpc/grpc-js@1.8.14 is vulnerable to CVE-2021-3807 because of its dependency to yargs@16.2.0. Please update yargs version to > yargs@17.2.1 so this gets fixed.
Reproduction steps
I ran locally the command snyk test
This is the chain of dependnecies that snyk reported
Problem description
snyk scans are reporting that @grpc/grpc-js@1.8.14 is vulnerable to CVE-2021-3807 because of its dependency to yargs@16.2.0. Please update yargs version to > yargs@17.2.1 so this gets fixed.
Reproduction steps
I ran locally the command
snyk test
This is the chain of dependnecies that snyk reported
This issue was fixed in versions of ansi-regex: 3.0.1, 4.1.1, 5.0.1, 6.0.1
So updating yargs to > yargs@17.2.1 would fix this issue.
Environment
Additional context
Snyk is reporting https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
The text was updated successfully, but these errors were encountered: