Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

6 high severity vulnerabilities - Inefficient Regular Expression Complexity in nth-check #7

Open
readysetagile opened this issue Jul 28, 2022 · 10 comments · Fixed by #8
Assignees
Labels
bug Something isn't working

Comments

@readysetagile
Copy link
Collaborator

The latest commit shows the following message with a npm audit Please resolve the vulnerabilities

nth-check  <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr

a suggested fix is here

@readysetagile
Copy link
Collaborator Author

Amy - I am going to assign this issue to you just to test the process of finding and fixing issues. Please comment (or re-assign to fix)

@amyngb
Copy link
Collaborator

amyngb commented Jul 28, 2022

Testing testing.

@amyngb
Copy link
Collaborator

amyngb commented Jul 28, 2022

Not sure how to "reassign to fix"...?

@readysetagile
Copy link
Collaborator Author

Oh - I just meant change the "assignees" on the right.

So if you think someone from the people you were working with last night in the Armadillo Room could benefit by taking on this "learning opportunity", change the assignee from you to someone else.

(The fix is simple. After fixing I got a found 0 vulnerabilities message after the audit)

@amyngb
Copy link
Collaborator

amyngb commented Jul 28, 2022

@Toilaf @koto253 I've assigned y'all to this issue so you can get some practice with PRs and fixes.

@koto253 koto253 linked a pull request Jul 29, 2022 that will close this issue
@amyngb amyngb closed this as completed in #8 Jul 29, 2022
@readysetagile
Copy link
Collaborator Author

Re-opening. See comment in merge commit. #8

@readysetagile readysetagile reopened this Jul 29, 2022
@readysetagile readysetagile added the bug Something isn't working label Aug 6, 2022
@readysetagile readysetagile moved this to Ready for development - feature has a GitHub issue assigned and can be developed in FreeCodeCamp Columbus Website Aug 6, 2022
@readysetagile readysetagile moved this from Ready for development - feature has a GitHub issue assigned and can be developed to In development - at least one person is developing this item in FreeCodeCamp Columbus Website Aug 6, 2022
@amyngb
Copy link
Collaborator

amyngb commented Aug 7, 2022

@koto253 this issue has been reopened. I shared a fix with you in Discord if you'd like to create a new PR to fix it.

@readysetagile
Copy link
Collaborator Author

Tested on my app. "found 0 vulnerabilities"

Repository owner moved this from In development - at least one person is developing this item to Done! - the feature is in production waiting to be seen by the world! in FreeCodeCamp Columbus Website Aug 23, 2022
@readysetagile readysetagile moved this from Done! - the feature is in production waiting to be seen by the world! to Ready to be staged - the feature is currently in the dev environment waiting to be moved to staging environment in FreeCodeCamp Columbus Website Aug 23, 2022
@readysetagile readysetagile moved this from Ready to be staged - the feature is currently in the dev environment waiting to be moved to staging environment to In development - at least one person is developing this item in FreeCodeCamp Columbus Website Aug 23, 2022
@readysetagile
Copy link
Collaborator Author

na I take that back. didn't stash my changes b4 pull (rookie mistake). Re-opening

@readysetagile readysetagile reopened this Aug 23, 2022
@readysetagile
Copy link
Collaborator Author

readysetagile commented Sep 11, 2022

I implemented the suggested fixes. Currently showing 0 vulnerabilities. Moving to ready to be staged
works: facebook/create-react-app#12055


My change which works

 "dependencies": {
    "nth-check": "^2.1.1",
    "react-scripts": "^5.0.1",
  },
  "devDependencies": {
	"@svgr/webpack": "^6.2.1"
  },
  "overrides": {
	"@svgr/webpack": "$@svgr/webpack"
  },

@readysetagile readysetagile moved this from In development - at least one person is developing this item to Ready to be staged - the feature is currently in the dev environment waiting to be moved to staging environment in FreeCodeCamp Columbus Website Sep 11, 2022
@readysetagile readysetagile moved this from Ready to be staged - the feature is currently in the dev environment waiting to be moved to staging environment to Ready for Deployment - the feature has been tested and is awating production deployment in FreeCodeCamp Columbus Website Sep 11, 2022
@readysetagile readysetagile moved this from Ready for Deployment - the feature has been tested and is awating production deployment to Done! - the feature is in production waiting to be seen by the world! in FreeCodeCamp Columbus Website Jul 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
Development

Successfully merging a pull request may close this issue.

4 participants