3 high security vulnerabilities
teodor-io opened this issue · 0 comments
teodor-io commented
After installing `@celonis/content-cli`, I notice 3 high security vulnerabilities within the packages:
```
# npm audit report

simple-git  <=3.4.0
Severity: high
Command injection in simple-git - https://github.com/advisories/GHSA-3f95-r44v-8mrg
Command injection in simple-git - https://github.com/advisories/GHSA-28xr-mwxg-3qc8
fix available via `npm audit fix --force`
Will install @celonis/content-cli@0.1.3, which is a breaking change
node_modules/simple-git
  @datadog/datadog-ci  0.10.0-alpha || 0.10.1-alpha || 0.10.3-alpha || 0.10.4-alpha || 0.10.5-alpha - 0.10.13-alpha || 0.11.6-alpha || 0.11.7 - 1.3.0-alpha
  Depends on vulnerable versions of simple-git
  node_modules/@datadog/datadog-ci
    @celonis/content-cli  >=0.2.1
    Depends on vulnerable versions of @datadog/datadog-ci
    node_modules/@celonis/content-cli

3 high severity vulnerabilities
```
Vulnerabilities can be fixed with `--force` flag, though I would manually check the swapped packages to ensure compatibility.