AgnesToulet changed the title from "[CVE-2021-3807] [ansi-regex] [5.0.0]" to "[CVE-2021-3807] [ansi-regex] [5.0.0] - Vulnerability on unused npm dependency" on Dec 15, 2021
Environment:
What happened:
Description : ansi-regex is vulnerable to Inefficient Regular Expression Complexity
URL : https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3807
Fix Version : 5.0.1
Path: /usr/local/lib/node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex
Suggestion:
Since this vulnerability is coming from npm, why use a node image that has two package managers? Can't we just get one clean node image and then install Yarn into it?
We can use an image from node:<version>-slim instead of node:<version>-alpine,
and then set it up with yarn only. This will solve this vulnerability.
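
A check for the finding above, added here as an example and not part of the original issue or the project's code: it walks a filesystem tree, lists every installed ansi-regex copy, and marks which ones sit below the reported fix version and which are bundled inside npm rather than in the application's own dependencies. The function names and the sample tree are constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const FIX_VERSION = '5.0.1'; // "Fix Version" from the scanner finding
const NPM_BUNDLE = path.join('node_modules', 'npm', 'node_modules') + path.sep;

// Numeric compare of plain x.y.z strings: negative when a < b.
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split('.').map(Number));
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk root and record every installed ansi-regex copy. belowFix compares only
// against FIX_VERSION; other release lines may have their own fixed versions.
function findAnsiRegex(root, found = []) {
  let entries;
  try { entries = fs.readdirSync(root, { withFileTypes: true }); } catch (err) { return found; }
  for (const entry of entries) {
    if (!entry.isDirectory()) continue; // also skips symlinks, so no cycles
    const dir = path.join(root, entry.name);
    const manifest = path.join(dir, 'package.json');
    if (entry.name === 'ansi-regex' && fs.existsSync(manifest)) {
      const { version } = JSON.parse(fs.readFileSync(manifest, 'utf8'));
      const belowFix = compareVersions(version, FIX_VERSION) < 0;
      found.push({ dir, version, belowFix, bundledWithNpm: (dir + path.sep).includes(NPM_BUNDLE) });
    }
    findAnsiRegex(dir, found);
  }
  return found;
}

// Constructed sample tree (not a real image): npm's bundled copy plus an app copy.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'ansi-regex-scan-'));
  const copies = {
    'usr/local/lib/node_modules/npm/node_modules/cli-table3/node_modules/ansi-regex': '5.0.0',
    'app/node_modules/ansi-regex': '5.0.1',
  };
  for (const [rel, version] of Object.entries(copies)) {
    fs.mkdirSync(path.join(root, rel), { recursive: true });
    fs.writeFileSync(path.join(root, rel, 'package.json'), JSON.stringify({ name: 'ansi-regex', version }));
  }
  return root;
}

console.log(findAnsiRegex(buildSampleTree()));
```

Pointing `findAnsiRegex` at `/` inside a container built from the image shows whether the flagged copy is reachable from the application's own `node_modules` or only from npm's bundled tree.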