Title: Update the lockfile to automatically remove the vulnerability introduced in reshuffle@1.0.9
Hi, @ashevat, I have reported a vulnerability in package tedious.
As far as I am aware, vulnerability CVE-2021-28458 detected in package @azure/ms-rest-nodeauth<3.0.8 is directly referenced by tedious@6.7.0, on which your package reshuffle@1.0.9 transitively depends. As such, this vulnerability can also affect reshuffle@1.0.9 via the following path:
reshuffle@1.0.9 ➔ mssql@6.3.2 ➔ tedious@6.7.0 ➔ @azure/ms-rest-nodeauth@2.0.2 (vulnerable version)
Since tedious has released a new patched version tedious@6.7.1 to resolve this issue (tedious@6.7.1 ➔ @azure/ms-rest-nodeauth@3.0.10 (fix version)), this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path:
reshuffle@1.0.9 ➔ mssql@6.3.2 ➔ tedious@6.7.1 ➔ @azure/ms-rest-nodeauth@3.0.10 (vulnerability fix version)
A warm tip.^_^
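A check a maintainer could run before and after refreshing the lockfile, as an added example that is not part of the original issue: it scans a parsed npm lockfile for any locked copy of @azure/ms-rest-nodeauth below 3.0.8. The function names and both sample lockfiles are constructed for illustration; only the package names and versions come from the issue.

```javascript
'use strict';

// Compare plain x.y.z versions (pre-release tags are ignored in this sketch).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return [{ location, version }] for every locked copy of `name` older than `fixedIn`.
function findVulnerable(lock, name, fixedIn) {
  const hits = [];
  const check = (location, version) => {
    if (typeof version === 'string' && compareVersions(version, fixedIn) < 0) {
      hits.push({ location, version });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [loc, entry] of Object.entries(lock.packages)) {
      if (loc === `node_modules/${name}` || loc.endsWith(`/node_modules/${name}`)) check(loc, entry.version);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" objects.
    const walk = (deps, trail) => {
      for (const [dep, entry] of Object.entries(deps || {})) {
        const here = trail.concat(dep);
        if (dep === name) check(here.join(' > '), entry.version);
        walk(entry.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles using the versions named in the issue.
const staleLock = { lockfileVersion: 1, dependencies: {
  mssql: { version: '6.3.2' },
  tedious: { version: '6.7.0', dependencies: { '@azure/ms-rest-nodeauth': { version: '2.0.2' } } } } };
const freshLock = { lockfileVersion: 2, packages: {
  'node_modules/tedious': { version: '6.7.1' },
  'node_modules/@azure/ms-rest-nodeauth': { version: '3.0.10' } } };

console.log(findVulnerable(staleLock, '@azure/ms-rest-nodeauth', '3.0.8'));
console.log(findVulnerable(freshLock, '@azure/ms-rest-nodeauth', '3.0.8'));
```

An empty result after the lockfile refresh means no locked copy of the package is below the fixed version.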