You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
npm 8.1.0 continues to install vulnerable versions of ansi-regex package - namely, @5.0.0, @2.1.1, and @3.0.0 - which results in the base Docker image being flagged by container security software.
Would it be possible to upgrade all dependencies to use ansi-regex@5.0.1?
Thanks!
The text was updated successfully, but these errors were encountered:
Version
No response
Platform
No response
Subsystem
No response
What steps will reproduce the bug?
No response
How often does it reproduce? Is there a required condition?
No response
What is the expected behavior?
No response
What do you see instead?
No response
Additional information
Following this bug report: nodejs/docker-node#1574 (comment)
npm 8.1.0 continues to install vulnerable versions of ansi-regex package - namely, @5.0.0, @2.1.1, and @3.0.0 - which results in the base Docker image being flagged by container security software.
Would it be possible to upgrade all dependencies to use ansi-regex@5.0.1?
Thanks!
The text was updated successfully, but these errors were encountered: