Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[BUG] npm reports 2 low level security vulnerabilities @ version 1.1.5

See original GitHub issue

Overview of the issue

npm reports 2 low level security vulnerabilities @ version 1.1.5 and mentions this requires a manual review and cannot be automatically fixed.

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 2.6.9 < 3.0.0 || >= 3.1.0                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @compodoc/compodoc [dev]                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @compodoc/compodoc > live-server > connect > debug           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/534                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 2.6.9 < 3.0.0 || >= 3.1.0                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @compodoc/compodoc [dev]                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @compodoc/compodoc > live-server > connect > finalhandler >  │
│               │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/534                       │
└───────────────┴──────────────────────────────────────────────────────────────┘

Operating System, Node.js, npm, compodoc version(s)

OS System Version: macOS 10.14 OS Kernel Version: Darwin 18.0.0 Node version: v10.10.0 NPM Version: 6.4.1 Compodoc Version: 1.1.5

Compodoc installed globally or locally ?

locally

Reproduce the error

npm install @compodoc/compodoc@1.1.5

Suggest a Fix

It seems dependency debug needs updating to have the error removed. Otherwise it popups on any and all npm actions within the project. Yes the warnings can be disabled and this issue is likely nothing at all but simply bumping the debug package version will probably fix it based on what I’m gathering from the npm output

Issue Analytics

State:
Created 5 years ago
Reactions:6
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

SteveMattarcommented, Nov 25, 2018

This still happends on compodoc version 1.1.6 which is using live-server 1.2.0 live-server was not updated for 2 years please consider relplacing it with

0reactions

lock[bot]commented, Sep 30, 2019

This issue has been automatically locked due to inactivity. Please file a new issue if you are encountering a similar or related problem. Why locking ? Having issues with the most up-to-date context.

Top Results From Across the Web

Nodejs : Security vulnerabilities - CVE Details

# CVE ID CWE ID Vulnerability Type(s) Publish Date Update Date Score Gaine... 1 CVE‑2022‑43548 78 Bypass 2022‑12‑05 2022‑12‑08 0.0 None 2 CVE‑2022‑35949 918 2022‑08‑12...

Auditing package dependencies for security vulnerabilities

Security audits help you protect your package's users by enabling you to find and fix known vulnerabilities in dependencies that could cause data...

javascript - Fix vulnerabilities in NPM manually - Stack Overflow

You can get a report of all vulnerabilities using npm audit . In that report for each vulnerability you will also see a...

Fixing security vulnerabilities in npm dependencies in less ...

2 ) Github security policy can also notify you — something like the ... had to deal with this error where acorn and...

Known Exploited Vulnerabilities Catalog | CISA

US Department of Homeland Security CISA Cyber + Infrastructure ... A privilege escalation vulnerability exists in the way Windows Error Reporting (WER) ...