Security Vulnerability with latest version of NodeJS 18.7
Hello Team, the following security vulnerabilities are reported on the latest version of NodeJS. Can you please take a look and address the same?
Hello Team, this is the list of packages currently used in nodejs 18.7 causing the vulnerability.
| pkg_name | pkg_version | fixed_in_pkg |
|---|---|---|
| minimist | 1.2.5 | 1.2.6 |
| y18n | 4.0.0 | 5.0.5, 4.0.1, 3.2.2 |
| json-schema | 0.2.3 | 0.4.0 |
| tar | 4.4.10 | 6.1.7, 5.0.8, 4.4.16 |
| tar | 4.4.10 | 6.1.1, 5.0.6, 4.4.14,... |
| tar | 4.4.10 | 6.1.2, 5.0.7, 4.4.15,... |
| minimatch | 3.0.4 | 3.0.5 |
| ansi-regex | 5.0.0 | 4.1.1 |
| lodash | 4.17.15 | 4.17.20 |
| ini | 1.3.5 | 1.3.6 |
| lodash | 4.17.15 | 4.17.21 |
| tar | 4.4.10 | 6.1.9, 5.0.10, 4.4.18 |
| tar | 4.4.10 | 6.1.9, 5.0.10, 4.4.18 |
| ssri | 7.1.0 | 8.0.1, 7.1.1, 6.0.2 |
| got | 7.1.0 | 12.1.0 |
| lodash | 4.17.15 | 4.17.21 |
| swagger-ui-dist | 3.33.0 | 4.1.3 |
| mem | 1.1.0 | 4.0.0 |
| swagger-ui-dist | 3.33.0 | 4.1.3 |
| hosted-git-info | 2.8.5 | 2.8.9, 3.0.8 |
| hosted-git-info | 2.7.1 | 2.8.9, 3.0.8 |
| bl | 4.0.0 | 2.2.1, 1.2.3, 4.0.3, 3.0.1 |
| ajv | 6.10.2 | 6.12.3 |
| tar | 4.4.10 | 6.1.4 |
Hello @JesusPaz, thanks for taking this up! Can you please let me know in which release this will be available? Thanks!
Hello @JesusPaz, when will this be fixed? We see that in the latest NodeJS 19.0, there is a dependency on Minimist 1.2.5.
Hi @manoharsjoshi, are those vulnerabilities still present on the current version 18.12.1?
This report should be sent to https://github.com/nodejs/nodejs-dependency-vuln-assessments.