Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Vulnerabilities #6981

Closed
2 tasks done
AbhijithGanesh opened this issue Mar 24, 2022 · 1 comment
Closed
2 tasks done

Fix Vulnerabilities #6981

AbhijithGanesh opened this issue Mar 24, 2022 · 1 comment
Labels
closed: please-fix-this-cve This issue is asking for fixing a CVE in a build-only dep which doesn't pose any real threat.

Comments

@AbhijithGanesh
Copy link

AbhijithGanesh commented Mar 24, 2022
edited
Loading

Have you read the Contributing Guidelines on issues?

Description

Please fix the npm package dependencies that are considered as vulnerable. According to Yarn audits, there are 11 dependencies that are considered vulnerable.

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Inefficient Regular Expression Complexity in nth-check       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ nth-check                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/core                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/core >                                           │
│               │ @slorber/static-site-generator-webpack-plugin > cheerio >    │
│               │ css-select > nth-check                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1064864                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Inefficient Regular Expression Complexity in nth-check       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ nth-check                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/preset-classic                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/preset-classic > @docusaurus/core >              │
│               │ @slorber/static-site-generator-webpack-plugin > cheerio >    │
│               │ css-select > nth-check                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1064864                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Inefficient Regular Expression Complexity in nth-check       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ nth-check                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/preset-classic                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/preset-classic > @docusaurus/plugin-content-blog │
│               │ > @docusaurus/core >                                         │
│               │ @slorber/static-site-generator-webpack-plugin > cheerio >    │
│               │ css-select > nth-check                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1064864                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Inefficient Regular Expression Complexity in nth-check       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ nth-check                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/preset-classic                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/preset-classic > @docusaurus/theme-classic >     │
│               │ @docusaurus/plugin-content-blog > @docusaurus/core >         │
│               │ @slorber/static-site-generator-webpack-plugin > cheerio >    │
│               │ css-select > nth-check                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1064864                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ Inefficient Regular Expression Complexity in nth-check       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ nth-check                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/preset-classic                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/preset-classic > @docusaurus/theme-classic >     │
│               │ @docusaurus/theme-common > @docusaurus/plugin-content-blog > │
│               │ @docusaurus/core >                                           │
│               │ @slorber/static-site-generator-webpack-plugin > cheerio >    │
│               │ css-select > nth-check                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1064864                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Regular Expression Denial of Service in trim                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.0.3                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/core                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/core > @docusaurus/mdx-loader > @mdx-js/mdx >    │
│               │ remark-parse > trim                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1065257                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Regular Expression Denial of Service in trim                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.0.3                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/core                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/core > @docusaurus/mdx-loader > @mdx-js/mdx >    │
│               │ remark-mdx > remark-parse > trim                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1065257                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Regular Expression Denial of Service in trim                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.0.3                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/preset-classic                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/preset-classic > @docusaurus/core >              │
│               │ @docusaurus/mdx-loader > @mdx-js/mdx > remark-mdx >          │
│               │ remark-parse > trim                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1065257                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Regular Expression Denial of Service in trim                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.0.3                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/preset-classic                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/preset-classic > @docusaurus/plugin-content-blog │
│               │ > @docusaurus/core > @docusaurus/mdx-loader > @mdx-js/mdx >  │
│               │ remark-mdx > remark-parse > trim                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1065257                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Regular Expression Denial of Service in trim                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.0.3                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/preset-classic                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/preset-classic > @docusaurus/theme-classic >     │
│               │ @docusaurus/plugin-content-blog > @docusaurus/core >         │
│               │ @docusaurus/mdx-loader > @mdx-js/mdx > remark-mdx >          │
│               │ remark-parse > trim                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1065257                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Regular Expression Denial of Service in trim                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.0.3                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @docusaurus/preset-classic                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @docusaurus/preset-classic > @docusaurus/theme-classic >     │
│               │ @docusaurus/theme-common > @docusaurus/plugin-content-blog > │
│               │ @docusaurus/core > @docusaurus/mdx-loader > @mdx-js/mdx >    │
│               │ remark-mdx > remark-parse > trim                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1065257                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
11 vulnerabilities found - Packages audited: 1091
Severity: 5 Moderate | 6 High
Done in 1.62s.

Has this been requested on Canny?

No

Motivation

NPM Audit fix.

API design

No response

Have you tried building it?

NO

Self-service

  • I'd be willing to contribute this feature to Docusaurus myself.
@AbhijithGanesh AbhijithGanesh added feature This is not a bug or issue with Docusausus, per se. It is a feature request for the future. status: needs triage This issue has not been triaged by maintainers labels Mar 24, 2022
@Josh-Cena Josh-Cena added closed: wontfix A fix will bring significant overhead, or is out of scope (for feature requests) and removed feature This is not a bug or issue with Docusausus, per se. It is a feature request for the future. status: needs triage This issue has not been triaged by maintainers labels Mar 24, 2022
@Josh-Cena
Copy link
Collaborator

Please see #6394

@Josh-Cena Josh-Cena added closed: duplicate This issue or pull request already exists in another issue or pull request and removed closed: wontfix A fix will bring significant overhead, or is out of scope (for feature requests) labels Apr 5, 2022
@Josh-Cena Josh-Cena added closed: please-fix-this-cve This issue is asking for fixing a CVE in a build-only dep which doesn't pose any real threat. and removed closed: duplicate This issue or pull request already exists in another issue or pull request labels Apr 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
closed: please-fix-this-cve This issue is asking for fixing a CVE in a build-only dep which doesn't pose any real threat.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Josh-Cena @AbhijithGanesh