
tsoa cli dependency vulnerability

  • I’m submitting a …
    • bug report
    • feature request
    • support request
  • I confirm that I
    • used the search to make sure that a similar issue hasn’t already been submitted

Expected Behavior

tsoa doesn’t contain a HIGH SEVERITY CVE through dependencies

Current Behavior

Snyk flags tsoa@3.11.2 with a HIGH SEVERITY via

Regular Expression Denial of Service (ReDoS)
Vulnerable module: ansi-regex
Introduced through: @tsoa/cli@3.11.2

Possible Solution

Update the cli dependency yargs to 15.3.0, as this clears all vulnerabilities

Steps to Reproduce

Run snyk cli against repo

Context (Environment)

Version of the library:
Version of NodeJS:

  • Confirm you were using yarn not npm: [X]

Detailed Description

Breaking change?

No
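The finding above is transitive: ansi-regex is reached from @tsoa/cli through an intermediate such as yargs, and the fix proposed in the issue is to bump that intermediate. The script below is an added example, not code from the tsoa project: it walks a package-lock.json (lockfileVersion 2/3 "packages" map, assumed) and prints every dependency chain from the root to a named package, so you can see which intermediate to bump. The embedded lockfile is constructed; only @tsoa/cli@3.11.2 and ansi-regex come from the issue, the other versions are placeholders.

```javascript
// Constructed lockfile fragment for illustration. Real lockfiles are read with
// JSON.parse(fs.readFileSync("package-lock.json", "utf8")). Only @tsoa/cli@3.11.2
// and the ansi-regex name come from the issue; the other versions are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "@tsoa/cli": "3.11.2" } },
    "node_modules/@tsoa/cli": { version: "3.11.2", dependencies: { yargs: "15.0.0" } },
    "node_modules/yargs": { version: "15.0.0", dependencies: { cliui: "6.0.0", "string-width": "4.0.0" } },
    "node_modules/cliui": { version: "6.0.0", dependencies: { "string-width": "4.0.0" } },
    "node_modules/string-width": { version: "4.0.0", dependencies: { "strip-ansi": "6.0.0" } },
    "node_modules/strip-ansi": { version: "6.0.0", dependencies: { "ansi-regex": "5.0.0" } },
    "node_modules/ansi-regex": { version: "5.0.0" },
  },
};

// npm resolution order: a dependency of the package installed at `from` is looked
// up in `<from>/node_modules/<name>`, then in each parent's node_modules, up to
// the root `node_modules/<name>`. Returns the lockfile key or null if absent.
function resolve(packages, from, name) {
  let base = from;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Depth-first walk from the root package (key ""). Returns every distinct chain
// "root > a@1.0.0 > b@2.0.0 > target@x" that reaches `target`; `seen` holds the
// keys on the current chain so dependency cycles do not recurse forever.
function findPaths(lock, target) {
  const packages = lock.packages;
  const results = [];
  const walk = (key, chain, seen) => {
    for (const dep of Object.keys(packages[key].dependencies || {})) {
      const resolved = resolve(packages, key, dep);
      if (!resolved || seen.has(resolved)) continue; // unresolved entry or cycle
      const label = `${dep}@${packages[resolved].version}`;
      if (dep === target) { results.push([...chain, label].join(" > ")); continue; }
      walk(resolved, [...chain, label], new Set([...seen, resolved]));
    }
  };
  walk("", ["root"], new Set());
  return results;
}

console.log(findPaths(SAMPLE_LOCK, "ansi-regex").join("\n"));
```

Every chain passes through yargs in the sample, which is why bumping that single intermediate is enough to change the resolved ansi-regex version; run it against your own lockfile to confirm the same holds there before relying on the proposed fix.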

Top GitHub Comments

1 reaction
ReeceSwyftx commented, Apr 26, 2022

@WoH is there any ETA on the next release?

1 reaction
anttitakalahti commented, Dec 8, 2021

could you also update it to v3 please?
