Fix npm critical security issues #48

Open

ignaciocarre

Summary

Upgrade dependencies with critical npm security warnings

Detail

After running npm audit we found that sdtt was having 1 critical notice:

# npm audit report

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
No fix available
node_modules/web-auto-extractor/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/web-auto-extractor/node_modules/css-select
    cheerio  0.19.0 - 1.0.0-rc.3
    Depends on vulnerable versions of css-select
    node_modules/web-auto-extractor/node_modules/cheerio
      web-auto-extractor  *
      Depends on vulnerable versions of cheerio
      node_modules/web-auto-extractor
        structured-data-testing-tool  *
        Depends on vulnerable versions of web-auto-extractor
        node_modules/structured-data-testing-tool

Checklist

If you would like your code to be merged into master and released, please complete this checklist and raise a Pull Request.

  • Review commit history and ensure messages follow best practice (short, imperative, well written, combine commits where appropriate).
  • Ensure branch is up-to-date with master before raising a Pull Request (e.g. run git rebase origin/master).
  • Ensure commit history does not include any merges (use rebase, not merge).
  • Ensure all existing unit tests still run and pass.
  • Add additional unit test coverage where possible.
  • Keeping dependencies up to date and running npm audit fix to fix flagged issues is appreciated.
  • Respect existing conventions (e.g. this repository uses JavaScript not Typescript, and NPM not yarn).
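
The audit report in the description above is one transitive chain. This added example (not part of the PR or the project's code) walks the `vulnerabilities` object that `npm audit --json` emits on npm 7+ to recover that chain and the directly installed package that pulls it in. The `report` object is a constructed sample mirroring the output above, including its `isDirect` values, and the function names are hypothetical.

```javascript
// Constructed sample in the shape of `npm audit --json` (npm 7+), trimmed to
// the fields used here and mirroring the report in the PR description.
const entry = (range, via, effects, isDirect = false) =>
  ({ severity: "high", isDirect, fixAvailable: false, range, via, effects });
const report = {
  vulnerabilities: {
    "nth-check": entry("<2.0.1", [{
      title: "Inefficient Regular Expression Complexity in nth-check",
      url: "https://github.com/advisories/GHSA-rp65-9cf3-cjxr",
    }], ["css-select"]),
    "css-select": entry("<=3.1.0", ["nth-check"], ["cheerio"]),
    "cheerio": entry("0.19.0 - 1.0.0-rc.3", ["css-select"], ["web-auto-extractor"]),
    "web-auto-extractor": entry("*", ["cheerio"], ["structured-data-testing-tool"]),
    "structured-data-testing-tool": entry("*", ["web-auto-extractor"], [], true),
  },
};

// An entry whose `via` holds an advisory object is where the flaw originates;
// string items in `via` only name another vulnerable package.
function advisoryRoots(vulns) {
  return Object.keys(vulns).filter((name) =>
    vulns[name].via.some((v) => typeof v === "object"));
}

// Follow `effects` upward from a root package to each top-most dependent.
function chainsFrom(vulns, name, path = []) {
  if (path.includes(name)) return []; // cycle guard
  const next = [...path, name];
  const effects = (vulns[name] && vulns[name].effects) || [];
  if (effects.length === 0) return [next];
  return effects.flatMap((dep) => chainsFrom(vulns, dep, next));
}

// One record per chain: the advisory, the path, the direct dependency to act on.
function summarize(auditReport) {
  const vulns = auditReport.vulnerabilities;
  return advisoryRoots(vulns).flatMap((root) =>
    chainsFrom(vulns, root).map((chain) => ({
      advisory: vulns[root].via.find((v) => typeof v === "object").url,
      severity: vulns[root].severity,
      chain,
      direct: chain.filter((n) => vulns[n] && vulns[n].isDirect),
      fixAvailable: vulns[root].fixAvailable !== false, // may also be an object
    })));
}

for (const s of summarize(report)) {
  console.log(`${s.severity}: ${s.chain.join(" -> ")} (${s.advisory})`);
  console.log(`  act on: ${s.direct.join(", ")}; auto-fix: ${s.fixAvailable}`);
}
```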

@iaincollins
Owner

Thanks for raising this, I'll test it and if it all seems fine, merge it and get it published later today (good reminder that I should really automate the pipeline…)

@ignaciocarre
Author

ignaciocarre commented Aug 2, 2023

Great @iaincollins!, I did run all the tests in my local env, all passing here. Automation sounds even better, having all those greens on this PR would be a relief 😅

Hope you can merge it asap, thanks!
