Hi there.

First of all, thank you for your package. I was actually not aware of using it, but thanks to the power of npm I actually do.

I noticed that I'll get an `npm audit` warning which points to https://www.npmjs.com/advisories/1755.

As far as I understand, there are already bugfix releases of versions 4, 5 and 6 available, which is awesome.

Would it be possible to also do a bugfix release of version 2? Npm audit shows me the following chain:

```
normalize-url <=4.5.0 || 5.0.0 - 5.3.0 || 6.0.0
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1755
fix available via `npm audit fix --force`
Will install karma-sauce-launcher@4.1.4, which is a breaking change
node_modules/download/node_modules/normalize-url
cacheable-request 0.1.0 - 6.0.0
Depends on vulnerable versions of normalize-url
node_modules/download/node_modules/cacheable-request
got 8.0.0 - 9.5.0
Depends on vulnerable versions of cacheable-request
node_modules/download/node_modules/got
download >=7.0.0
Depends on vulnerable versions of got
node_modules/download
bin-wrapper 2.1.2 || >=4.0.0
Depends on vulnerable versions of download
node_modules/bin-wrapper
saucelabs >=4.1.0
Depends on vulnerable versions of bin-wrapper
node_modules/saucelabs
karma-sauce-launcher >=4.1.5
Depends on vulnerable versions of saucelabs
node_modules/karma-sauce-launcher
```

E.g. https://www.npmjs.com/package/bin-wrapper is a highly used package (~1 million installs a week) but likely no longer updated (last update three years ago). This package indirectly relies on `normalize-url` version 2.
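
To check a project for the situation described in this issue, the following added example (not code from the issue or from normalize-url) walks a lockfile's `packages` map, flags every installed `normalize-url` copy inside the advisory range quoted by `npm audit`, and reports which dependency chain pulls it in. It assumes a lockfileVersion 2 or later layout and plain `x.y.z` versions; the function names and the sample versions are constructed for illustration.

```javascript
// Added example. Advisory range copied from the npm audit output: <=4.5.0 || 5.0.0 - 5.3.0 || 6.0.0
const cmp = (a, b) => {
  const x = a.split('.').map(Number), y = b.split('.').map(Number);
  return x[0] - y[0] || x[1] - y[1] || x[2] - y[2];
};
const inAdvisoryRange = (v) => cmp(v, '4.5.0') <= 0 ||
  (cmp(v, '5.0.0') >= 0 && cmp(v, '5.3.0') <= 0) || cmp(v, '6.0.0') === 0;
const nameOf = (p) => p.slice(p.lastIndexOf('node_modules/') + 'node_modules/'.length);
// Node-style lookup: <from>/node_modules first, then each enclosing package, then the root.
function resolve(pkgs, from, name) {
  for (let dir = from; ; dir = dir.slice(0, Math.max(0, dir.lastIndexOf('/node_modules/')))) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (pkgs[candidate]) return candidate;
    if (!dir) return null;
  }
}

// Every dependency path from the root project ('') down to the package installed at `target`.
function chainsTo(pkgs, target, seen = new Set()) {
  if (target === '') return [[]];
  if (seen.has(target)) return []; // dependency cycle, stop here
  const chains = [], name = nameOf(target);
  for (const [path, meta] of Object.entries(pkgs)) {
    const deps = { ...meta.dependencies, ...meta.devDependencies, ...meta.optionalDependencies };
    if (name in deps && resolve(pkgs, path, name) === target)
      for (const c of chainsTo(pkgs, path, new Set(seen).add(target)))
        chains.push([...c, `${name}@${pkgs[target].version}`]);
  }
  return chains;
}
function findVulnerable(lock) {
  return Object.keys(lock.packages)
    .filter((p) => nameOf(p) === 'normalize-url' && inAdvisoryRange(lock.packages[p].version))
    .map((p) => ({ path: p, chains: chainsTo(lock.packages, p).map((c) => c.join(' > ')) }));
}

// Constructed lockfile (v2 "packages" map). Paths follow the audit output; versions are sample values.
const sampleLock = { packages: {
  '': { dependencies: { 'normalize-url': '^6.0.1' }, devDependencies: { 'karma-sauce-launcher': '^4.3.6' } },
  'node_modules/normalize-url': { version: '6.0.1' },
  'node_modules/karma-sauce-launcher': { version: '4.3.6', dependencies: { saucelabs: '^4.6.3' } },
  'node_modules/saucelabs': { version: '4.6.3', dependencies: { 'bin-wrapper': '^4.1.0' } },
  'node_modules/bin-wrapper': { version: '4.1.0', dependencies: { download: '^7.1.0' } },
  'node_modules/download': { version: '7.1.0', dependencies: { got: '^8.3.1' } },
  'node_modules/download/node_modules/got': { version: '8.3.2', dependencies: { 'cacheable-request': '^2.1.1' } },
  'node_modules/download/node_modules/cacheable-request': { version: '2.1.4', dependencies: { 'normalize-url': '2.0.1' } },
  'node_modules/download/node_modules/normalize-url': { version: '2.0.1' },
}};
console.log(JSON.stringify(findVulnerable(sampleLock), null, 2));
```

Against a real project, pass the parsed `package-lock.json` to `findVulnerable`; the top-level 6.0.1 copy in the sample is outside the range and is not reported, while the nested copy under `download` is.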