celonis/content-cli

3 high security vulnerabilities

teodor-io opened this issue · 0 comments

After installing @celonis/content-cli, I notice 3 high security vulnerabilities within the packages:

```
# npm audit report

simple-git  <=3.4.0
Severity: high
Command injection in simple-git - https://github.com/advisories/GHSA-3f95-r44v-8mrg
Command injection in simple-git - https://github.com/advisories/GHSA-28xr-mwxg-3qc8
fix available via `npm audit fix --force`
Will install @celonis/content-cli@0.1.3, which is a breaking change
node_modules/simple-git
  @datadog/datadog-ci  0.10.0-alpha || 0.10.1-alpha || 0.10.3-alpha || 0.10.4-alpha || 0.10.5-alpha - 0.10.13-alpha || 0.11.6-alpha || 0.11.7 - 1.3.0-alpha
  Depends on vulnerable versions of simple-git
  node_modules/@datadog/datadog-ci
    @celonis/content-cli  >=0.2.1
    Depends on vulnerable versions of @datadog/datadog-ci
    node_modules/@celonis/content-cli

3 high severity vulnerabilities
```

The vulnerabilities can be fixed with the `--force` flag, though I would manually check the swapped packages to ensure compatibility.
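
The dependency chain in the audit report above can be confirmed from a lockfile before deciding whether to force the fix. The following is an added example, not part of the original issue or the project's code: the lockfile contents and installed versions are constructed, and `vulnerableChains`, `cmp` and `nameOf` are hypothetical helper names.

```javascript
// Trace which installed packages pull in simple-git <= 3.4.0.
// sampleLock is a constructed sample in npm lockfile v2/v3 "packages" shape.
const sampleLock = {
  packages: {
    "": { dependencies: { "@celonis/content-cli": "^0.2.1" } },
    "node_modules/@celonis/content-cli": { version: "0.2.1", dependencies: { "@datadog/datadog-ci": "^0.11.7" } },
    "node_modules/@datadog/datadog-ci": { version: "0.11.7", dependencies: { "simple-git": "^2.31.0" } },
    "node_modules/simple-git": { version: "2.31.0" },
    "node_modules/chalk": { version: "4.1.2" },
  },
};

// Compare the numeric x.y.z core of two versions (pre-release tags ignored).
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// "node_modules/a/node_modules/@s/b" -> "@s/b"
const nameOf = (path) => path.split("node_modules/").pop();

// Return every chain [top-level dependent, ..., "pkg@version"] for installed
// copies of pkg at or below maxVersion. Simplification: dependents are matched
// by package name, not by npm's nested node_modules resolution.
function vulnerableChains(lock, pkg, maxVersion) {
  const entries = Object.entries(lock.packages).filter(([p]) => p !== "");
  const hits = entries.filter(
    ([p, meta]) => nameOf(p) === pkg && cmp(meta.version, maxVersion) <= 0
  );
  const dependentsOf = (name) =>
    entries.filter(([, m]) => m.dependencies && name in m.dependencies)
           .map(([p]) => nameOf(p));
  const chains = [];
  const walk = (name, chain, seen) => {
    const parents = dependentsOf(name).filter((p) => !seen.has(p));
    if (parents.length === 0) return chains.push(chain);
    for (const p of parents) walk(p, [p, ...chain], new Set(seen).add(p));
  };
  for (const [, meta] of hits) walk(pkg, [`${pkg}@${meta.version}`], new Set([pkg]));
  return chains;
}

console.log(vulnerableChains(sampleLock, "simple-git", "3.4.0"));
```

Running the same function against the lockfile produced after the fix shows whether any copy of simple-git at or below 3.4.0 is still installed.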