You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am getting this audit result using the latest tfx-cli package (0.18.0)
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - GHSA-3xgq-45jj-v275
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/cross-spawn
execa 0.5.0 - 0.9.0
Depends on vulnerable versions of cross-spawn
node_modules/execa
clipboardy <=1.2.3
Depends on vulnerable versions of execa
node_modules/clipboardy
tfx-cli >=0.6.0
Depends on vulnerable versions of clipboardy
node_modules/tfx-cli
Fixing this appears to be pretty simple. Upgrading clipboardy to 4.0.0 would resolve the issue. It looks like the api has changed slightly, but since it is only used on one line in tfcommand.ts it should be quite simple to upgrade.
The text was updated successfully, but these errors were encountered:
Regular Expression Denial of Service (ReDoS) in cross-spawn
I am getting this audit result using the latest tfx-cli package (0.18.0)
cross-spawn <6.0.6
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - GHSA-3xgq-45jj-v275
fix available via
npm audit fix --forceWill install [email protected], which is a breaking change
node_modules/cross-spawn
execa 0.5.0 - 0.9.0
Depends on vulnerable versions of cross-spawn
node_modules/execa
clipboardy <=1.2.3
Depends on vulnerable versions of execa
node_modules/clipboardy
tfx-cli >=0.6.0
Depends on vulnerable versions of clipboardy
node_modules/tfx-cli
Fixing this appears to be pretty simple. Upgrading clipboardy to 4.0.0 would resolve the issue. It looks like the api has changed slightly, but since it is only used on one line in tfcommand.ts it should be quite simple to upgrade.
The text was updated successfully, but these errors were encountered: