Skip to content

Older tap dependency is pulling in audit / security issues #87

Description

@jeking3

I am updating grunt-shell-spawn to align with grunt 1.6.

jaseking@dev-dsk-jaseking-1e-9d9eb63c] npm ls tap
grunt-shell-spawn@0.5.0 /workplace/jaseking/grunt-shell-spawn
└─┬ grunt-contrib-nodeunit@5.0.0
  └─┬ nodeunit-x@0.16.0
    └── tap@16.3.10
npm WARN audit fix @babel/helpers@7.23.6 node_modules/tap/node_modules/@babel/helpers
npm WARN audit fix @babel/helpers@7.23.6 is a bundled dependency of
npm WARN audit fix @babel/helpers@7.23.6 tap@16.3.10 at node_modules/tap
npm WARN audit fix @babel/helpers@7.23.6 It cannot be fixed automatically.
npm WARN audit fix @babel/helpers@7.23.6 Check for updates to the tap package.
npm WARN audit fix ws@7.5.9 node_modules/tap/node_modules/ws
npm WARN audit fix ws@7.5.9 is a bundled dependency of
npm WARN audit fix ws@7.5.9 tap@16.3.10 at node_modules/tap
npm WARN audit fix ws@7.5.9 It cannot be fixed automatically.
npm WARN audit fix ws@7.5.9 Check for updates to the tap package.

up to date, audited 448 packages in 1s

41 packages are looking for funding
  run `npm fund` for details

# npm audit report

@babel/helpers  <7.26.10
Severity: moderate
Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
fix available via `npm audit fix`
node_modules/tap/node_modules/@babel/helpers

ws  7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/tap/node_modules/ws

2 vulnerabilities (1 moderate, 1 high)

To address all issues, run:
  npm audit fix

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions