Giters

bahmutov / local-cypress

Use Cypress without global objects

Home Page:https://glebbahmutov.com/blog/local-cypress/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

同学,您这个项目引入了331个开源组件,存在1个漏洞,辛苦升级一下

dependasec opened this issue · comments

commented

检测到 bahmutov/local-cypress 一共引入了331个开源组件,存在1个漏洞

漏洞标题:ansi-regex 安全漏洞
缺陷组件:ansi-regex@5.0.0
漏洞编号:CVE-2021-3807
漏洞描述:Ansi-Regex是用于匹配ANSI 转义码的正则表达式。
ansi-regex 存在安全漏洞,该漏洞源于易受低效正则表达式复杂性的影响。
影响范围:(2.1.1, 5.0.1)
最小修复版本:5.0.1
缺陷组件引入路径:local-cypress@0.0.0-development->semantic-release@19.0.2->yargs@16.2.0->string-width@4.2.0->strip-ansi@6.0.0->ansi-regex@5.0.0
local-cypress@0.0.0-development->semantic-release@19.0.2->yargs@16.2.0->cliui@7.0.4->strip-ansi@6.0.0->ansi-regex@5.0.0
local-cypress@0.0.0-development->cypress@9.5.2->cli-table3@0.6.1->string-width@4.2.0->strip-ansi@6.0.0->ansi-regex@5.0.0
local-cypress@0.0.0-development->cypress@9.5.2->listr2@3.14.0->wrap-ansi@7.0.0->strip-ansi@6.0.0->ansi-regex@5.0.0

另外还有几个漏洞,详细报告:https://mofeisec.com/jr?p=a743f6