oav

npm audit reports oav versions later than 0.18.3 have dependency on package with vulnerability (yuml2svg, depends on jsdom)

Open laurawalker opened this issue 3 years ago • 0 comments

npm audit output:

# npm audit report

jsdom  <=16.4.0
Severity: moderate
Insufficient Granularity of Access Control in JSDom - https://github.com/advisories/GHSA-f4c9-cqv8-9v98
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/oav/node_modules/jsdom
  yuml2svg  4.0.0-0 - 5.0.0-rc.1
  Depends on vulnerable versions of jsdom
  node_modules/oav/node_modules/yuml2svg
    oav  >=0.18.3
    Depends on vulnerable versions of yuml2svg
    node_modules/oav

laurawalker, Aug 17 '22 19:08