Lalaps Dashboard

[lalaps]

This issue provides visibility into Lalaps updates and their statuses.

npm

Inefficient Regular Expression Complexity in chalk/ansi-regex
Library: ansi-regex
Affected versions: >=3.0.0 <3.0.1
Severity: high
✔️ #72
✔️ #60
Root Libraries:

decode-uri-component vulnerable to Denial of Service (DoS)
Library: decode-uri-component
Affected versions: <=0.2.0
Severity: low
Root Libraries:

• ❌ danger

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Library: follow-redirects
Affected versions: <1.14.8
Severity: moderate
✔️ #72
✔️ #60
Root Libraries:

minimatch ReDoS vulnerability
Library: minimatch
Affected versions: <3.0.5
Severity: high
Root Libraries:

• ✔️ mocha Chore: fixes some npm audit vulnerabilities #72 Chore: fixes some npm audit vulnerabilities #60

Prototype Pollution in minimist
Library: minimist
Affected versions: <1.2.6
Severity: critical
✔️ #72
✔️ #60
Root Libraries:

Packing does not respect root-level ignore files in workspaces
Library: npm
Affected versions: >=7.9.0 <8.11.0
Severity: high
✔️ #72
✔️ #60
Root Libraries:

Authorization Bypass in parse-path
Library: parse-path
Affected versions: <5.0.0
Severity: high
Root Libraries:

Cross site scripting in parse-url
Library: parse-url
Affected versions: <6.0.1
Severity: moderate
✔️ #72
✔️ #60
Root Libraries:

Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Library: semantic-release
Affected versions: >=17.0.4 <19.0.3
Severity: moderate
✔️ #72
✔️ #60
Root Libraries:

• ✔️ semantic-release Chore: fixes some npm audit vulnerabilities #72 Chore: fixes some npm audit vulnerabilities #60

Regular expression denial of service in semver-regex
Library: semver-regex
Affected versions: <3.1.4
Severity: low
✔️ #72
✔️ #60
Root Libraries:

Last Updated: 01 Dec 2022, at 01:16 UTC