You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
swaggerhub-cli depends on an outdated version of @oclif/plugin-plugins that causes npm audit alerts
To reproduce...
Steps to reproduce the behavior:
Install swaggerhub-cli
$ npm install swaggerhub-cli
Execute command npm audit
$ npm audit
See error
# npm audit report
ip *
Severity: high
NPM IP package incorrectly identifies some private IP addresses as public - https://github.com/advisories/GHSA-78xj-cgh5-2h22
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/npm/node_modules/ip
tar <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix --force`
Will install swaggerhub-cli@0.7.2, which is a breaking change
node_modules/npm/node_modules/tar
npm <=10.5.0
Depends on vulnerable versions of tar
node_modules/npm
@oclif/plugin-plugins 3.0.1 - 5.0.15 || 5.0.17
Depends on vulnerable versions of npm
node_modules/@oclif/plugin-plugins
swaggerhub-cli >=0.8.0
Depends on vulnerable versions of @oclif/plugin-plugins
node_modules/swaggerhub-cli
5 vulnerabilities (4 moderate, 1 high)
Expected behavior
Screenshots
Additional context or thoughts
The text was updated successfully, but these errors were encountered:
Q&A (please complete the following information)
Describe the bug you're encountering
swaggerhub-clidepends on an outdated version of@oclif/plugin-pluginsthat causesnpm auditalertsTo reproduce...
Steps to reproduce the behavior:
swaggerhub-clinpm auditExpected behavior
Screenshots
Additional context or thoughts
The text was updated successfully, but these errors were encountered: