NPM Audit fix for semver error #112
Comments
|
This is used only during the unit testing, it is not a production mode package |
|
From reading through everything that I can about the error it is coming from the inclusion of @mapbox/node-pre-gyp from the includes in gdal-async is listed as ^1.0.8. In looking into the mapbox/node-pre-gyp it appears that they have fixed the issue in there 1.0.11 version. For some reason either trying to update our imports or remove gdal-async and reinstall it will only pull in 1.0.9 version. So the error is still be reported back. I don't know if the includes could be updated to the 1.0.11 version which has be patched. I don't know there other changes that would not be possible. I don't think it is a problem on my side why it does not seem to be pulling the latest I have tried updating to the latest node version but still get the problem. |
In execution of the npm audit functionality reporting error in version of semver that gdal-async is using.
│ Moderate │ semver vulnerable to Regular Expression Denial of Service │
│ Package │ semver │
│ Patched in │ >=6.3.1 │
│ Dependency of │ gdal-async │
│ Path │ gdal-async > @mapbox/node-pre-gyp > make-dir > semver │
│ More info │ GHSA-c2qf-rxjj-qqgw │
I this could be upgraded to a patched version.
The text was updated successfully, but these errors were encountered: