You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What minimal example or steps are needed to reproduce the bug?
npm install stylelint@15.9.0
added 176 packages, and audited 177 packages in 8s
33 packages are looking for funding
run `npm fund` for details
6 moderate severity vulnerabilities
To address all issues, run:
npm audit fix
Run `npm audit` for details.
Running npm audit:
# npm audit report
semver <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install stylelint@7.13.0, which is a breaking change
node_modules/read-pkg/node_modules/semver
normalize-package-data <=2.5.0
Depends on vulnerable versions of semver
node_modules/read-pkg/node_modules/normalize-package-data
read-pkg <=5.2.0
Depends on vulnerable versions of normalize-package-data
node_modules/read-pkg
read-pkg-up <=7.0.1
Depends on vulnerable versions of read-pkg
node_modules/read-pkg-up
meow 3.4.0 - 9.0.0
Depends on vulnerable versions of read-pkg-up
node_modules/meow
stylelint >=8.0.0
Depends on vulnerable versions of meow
node_modules/stylelint
6 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
What minimal configuration is needed to reproduce the bug?
N/A
How did you run Stylelint?
I don't
Which Stylelint-related dependencies are you using?
stylelint@15.9.0
What did you expect to happen?
no vulnerabilities
What actually happened?
npm install outputs
Do you have a proposal to fix the bug?
Possibly update meow to version 10 or later, which removed the vulnerable verison of semver from the dependency tree.
The text was updated successfully, but these errors were encountered:
What minimal example or steps are needed to reproduce the bug?
npm install stylelint@15.9.0
Running
npm audit:
What minimal configuration is needed to reproduce the bug?
N/A
How did you run Stylelint?
I don't
Which Stylelint-related dependencies are you using?
stylelint@15.9.0
What did you expect to happen?
no vulnerabilities
What actually happened?
npm install outputs
Do you have a proposal to fix the bug?
Possibly update meow to version 10 or later, which removed the vulnerable verison of
semver
from the dependency tree.The text was updated successfully, but these errors were encountered: