Skip to content

Fix npm critical security issues#48

Open
ignaciocarre wants to merge 1 commit intoiaincollins:masterfrom
ignaciocarre:master
Open

Fix npm critical security issues#48
ignaciocarre wants to merge 1 commit intoiaincollins:masterfrom
ignaciocarre:master

Conversation

@ignaciocarre
Copy link

@ignaciocarre ignaciocarre commented Jul 31, 2023

Summary

Upgrade dependencies with critical npm security warnings

Detail

After running npm audit we found that sdtt was having 1 critical notice:

# npm audit report

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
No fix available
node_modules/web-auto-extractor/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/web-auto-extractor/node_modules/css-select
    cheerio  0.19.0 - 1.0.0-rc.3
    Depends on vulnerable versions of css-select
    node_modules/web-auto-extractor/node_modules/cheerio
      web-auto-extractor  *
      Depends on vulnerable versions of cheerio
      node_modules/web-auto-extractor
        structured-data-testing-tool  *
        Depends on vulnerable versions of web-auto-extractor
        node_modules/structured-data-testing-tool

Checklist

If you would like your code to be merged into master and released, please complete this checklist and raise a Pull Request.

  • Review commit history and ensure messages follow best practice (short, imperative, well written, combine commits where appropriate).
  • Ensure branch is up-to-date with master before raising a Pull Request (e.g. run git rebase origin/master).
  • Ensure commit history does not include any merges (use rebase, not merge).
  • Ensure all existing unit tests still run and pass.
  • Add additional unit test coverage where possible.
  • Keeping dependancies up to date and running npm audit fix to fix flagged issues is appreciated.
  • Respect existing conventions (e.g. this repository uses JavaScript not Typescript, and NPM not yarn).

@iaincollins
Copy link
Owner

iaincollins commented Aug 1, 2023

Thanks for raising this, I'll test it and if it al seems fine merge it and get it published later today (good reminder that I should really automate the pipeline…)

@ignaciocarre
Copy link
Author

ignaciocarre commented Aug 2, 2023
edited
Loading

Great @iaincollins!, I did run all the tests in my local env, all passing here. Automation sounds even better, having all those greens on this PR would be a relief 😅

Hope you can merge it asap, thanks!

@jessealama
Copy link

jessealama commented Oct 29, 2025

It looks like the tasks laid out here have been taken care of?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ignaciocarre @iaincollins @jessealama @nachotmbi