Long summary output for only one vulnerable advisory #239

Closed
mobilutz opened this issue Mar 22, 2022 · 6 comments · Fixed by #240 or #243
Labels
bug Something isn't working

Comments

@mobilutz
Contributor

We have a warning for this advisory in our system:
GHSA-xvch-5gv4-984h

But the summary output of the audit-ci run does not look good in my opinion:

$ audit-ci --config audit-config.json
audit-ci version: 6.1.0
Yarn audit report summary:
{
  "vulnerabilities": {
    "info": 0,
    "low": 0,
    "moderate": 0,
    "high": 10,
    "critical": 0
  },
  "dependencies": XXX,
  "devDependencies": 0,
  "optionalDependencies": 0,
  "totalDependencies": XXX
}
Found vulnerable advisory paths:
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|fetch-mock>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>@jest/reporters>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>babel-jest>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
GHSA-xvch-5gv4-984h|jest>jest-cli>@jest/core>jest-config>@jest/test-sequencer>jest-runtime>jest-snapshot>@jest/transform>babel-plugin-istanbul>istanbul-lib-instrument>@babel/core>json5>minimist
Failed security audit due to high vulnerabilities.
Vulnerable advisories are:
https://github.com/advisories/GHSA-xvch-5gv4-984h
Exiting...
error Command failed with exit code 1.

Of course we just need to upgrade minimist and the output goes away, but I do think that the summary should be displayed differently here.

I will try to find time to create a dummy repo for this, but for now here is the needed yarn.lock and audit-config.json content.

# needed minimist version
minimist@^1.2.5:
  version "1.2.5"
  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
  integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==

audit-config.json

{
  "low": true,
  "package-manager": "yarn",
  "report-type": "summary",
  "allowlist": []
}
@quinnturner
Member

quinnturner commented Mar 22, 2022

The duplications are the concern. I must have missed a deduplication spot (I have them in a few places). IMO, that's the fix required in this scenario. Thanks for reporting!

@quinnturner quinnturner added the bug Something isn't working label Mar 22, 2022
@quinnturner
Member

Closed with #240, will create a release shortly.

@quinnturner
Member

Released with v6.1.1 on NPM now!

@mobilutz
Contributor Author

@quinnturner Thanks for the quick change.

Unfortunately the summary still has the same lines as Found vulnerable advisory paths even with v6.1.1.

I created a repo which shows this:
https://github.com/mobilutz/audit-ci-minimist-summary-output

Here is the found paths output as well:

Found vulnerable advisory paths:
GHSA-5v2h-r2cx-5xgj|esdoc>marked
GHSA-rrrm-qjm4-v8hf|esdoc>marked
GHSA-rp65-9cf3-cjxr|esdoc>cheerio>css-select>nth-check
GHSA-rp65-9cf3-cjxr|esdoc>ice-cap>cheerio>css-select>nth-check
GHSA-rp65-9cf3-cjxr|esdoc>cheerio>css-select>nth-check
GHSA-rp65-9cf3-cjxr|esdoc>ice-cap>cheerio>css-select>nth-check
GHSA-xvch-5gv4-984h|minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-xvch-5gv4-984h|minimist
GHSA-xvch-5gv4-984h|esdoc>minimist

@quinnturner
Member

Fix released in v6.1.2 thanks to Kyle!

@mobilutz
Contributor Author

Just ran v6.1.2 and can confirm that it reduces the output!

yarn run v1.22.17
$ audit-ci --config audit-ci-config.json
audit-ci version: 6.1.2
Yarn audit report summary:
{
  "vulnerabilities": {
    "info": 0,
    "low": 0,
    "moderate": 2,
    "high": 4,
    "critical": 0
  },
  "dependencies": 189,
  "devDependencies": 0,
  "optionalDependencies": 0,
  "totalDependencies": 189
}
Found vulnerable advisory paths:
GHSA-xvch-5gv4-984h|minimist
GHSA-xvch-5gv4-984h|esdoc>minimist
GHSA-5v2h-r2cx-5xgj|esdoc>marked
GHSA-rrrm-qjm4-v8hf|esdoc>marked
GHSA-rp65-9cf3-cjxr|esdoc>cheerio>css-select>nth-check
GHSA-rp65-9cf3-cjxr|esdoc>ice-cap>cheerio>css-select>nth-check
Failed security audit due to high, moderate vulnerabilities.
Vulnerable advisories are:
https://github.com/advisories/GHSA-xvch-5gv4-984h
https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
https://github.com/advisories/GHSA-rrrm-qjm4-v8hf
https://github.com/advisories/GHSA-rp65-9cf3-cjxr
Exiting...
error Command failed with exit code 1.

Thanks @kyletsang
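
For triaging a CI log from a release that still prints repeated lines, the following added example (not audit-ci's own code and not written by anyone in this thread) deduplicates `advisory|path` lines and groups them per advisory. The `advisory|a>b>c` format is assumed from the output above; `summarizeAdvisoryPaths` and its result fields are hypothetical names, and the sample input is the v6.1.1 path list quoted earlier.

```javascript
// Added example: post-process "Found vulnerable advisory paths" lines.
// Assumed line format (taken from the logs in this thread):
//   <advisory id>|<top-level dep>>...><vulnerable module>

// Sample input: the path list reported for v6.1.1, duplicates included.
const SAMPLE_LINES = [
  "GHSA-5v2h-r2cx-5xgj|esdoc>marked",
  "GHSA-rrrm-qjm4-v8hf|esdoc>marked",
  "GHSA-rp65-9cf3-cjxr|esdoc>cheerio>css-select>nth-check",
  "GHSA-rp65-9cf3-cjxr|esdoc>ice-cap>cheerio>css-select>nth-check",
  "GHSA-rp65-9cf3-cjxr|esdoc>cheerio>css-select>nth-check",
  "GHSA-rp65-9cf3-cjxr|esdoc>ice-cap>cheerio>css-select>nth-check",
  "GHSA-xvch-5gv4-984h|minimist",
  "GHSA-xvch-5gv4-984h|esdoc>minimist",
  "GHSA-xvch-5gv4-984h|minimist",
  "GHSA-xvch-5gv4-984h|esdoc>minimist",
];

// Returns one entry per advisory, in first-seen order, with unique paths,
// the top-level dependencies that pull the module in, and whether the
// vulnerable module is also a direct dependency of the project.
function summarizeAdvisoryPaths(lines) {
  const seen = new Set();
  const byAdvisory = new Map();
  for (const raw of lines) {
    const line = raw.trim();
    const sep = line.indexOf("|");
    // Skip headers, blank lines and anything without both an id and a path.
    if (sep <= 0 || sep === line.length - 1) continue;
    if (seen.has(line)) continue; // exact duplicate of an earlier line
    seen.add(line);

    const id = line.slice(0, sep);
    const chain = line.slice(sep + 1).split(">");
    let entry = byAdvisory.get(id);
    if (!entry) {
      entry = { id, module: chain[chain.length - 1], paths: [], roots: new Set(), direct: false };
      byAdvisory.set(id, entry);
    }
    entry.paths.push(chain.join(">"));
    entry.roots.add(chain[0]);
    if (chain.length === 1) entry.direct = true; // path is the module itself
  }
  return [...byAdvisory.values()].map((e) => ({ ...e, roots: [...e.roots].sort() }));
}

for (const a of summarizeAdvisoryPaths(SAMPLE_LINES)) {
  const kind = a.direct ? "direct" : "transitive only";
  console.log(`${a.id} ${a.module} (${kind}): ${a.paths.length} path(s) via ${a.roots.join(", ")}`);
}
```

Lines are compared as exact strings, so two different paths to the same module are both kept.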
