like-gold
like-gold2y ago

3 high severity vulnerabilities

Recently we're tasked to look into vulnerabilities in the code. We find that the default project creation for refine already has 3 high severity vulnerabilities. We tried to update but it breaks the code. Is there anyone facing such issue? Below is the result when I run npm audit 
# npm audit report

marked  <=4.0.9
Severity: high
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-rrrm-qjm4-v8hf
No fix available
node_modules/marked
  ink-markdown  *
  Depends on vulnerable versions of marked
  node_modules/ink-markdown
    @refinedev/cli  *
    Depends on vulnerable versions of ink-markdown
    node_modules/@refinedev/cli

3 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
# npm audit report

marked  <=4.0.9
Severity: high
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-rrrm-qjm4-v8hf
No fix available
node_modules/marked
  ink-markdown  *
  Depends on vulnerable versions of marked
  node_modules/ink-markdown
    @refinedev/cli  *
    Depends on vulnerable versions of ink-markdown
    node_modules/@refinedev/cli

3 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
7 Replies
kapa.ai
kapa.ai2y ago
Hi @stelarinc. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- Hmm, I don't know enough to give you a confident answer yet. The information extracts provided do not contain specific details about handling vulnerabilities in refine. It would be best to reach out to the refine community or check the official documentation for more information on this issue. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
kapa.ai
kapa.ai2y ago
<@1066527438663860284> kapa.ai is still learning and improving, please let us know how it did by reacting below
like-gold
like-goldOP2y ago
@kapa.ai , where can I find the community?
kapa.ai
kapa.ai2y ago
Let me check the knowledge base for you. One moment! :books: ---------------------- You can find the refine community in several places: - Discord (https://discord.gg/refine): This is the easiest way to get help and ask questions to the developers and other users. All questions are usually answered in around 30 minutes. - GitHub Discussions (https://github.com/refinedev/refine/discussions): Here you can ask anything about the refine project or give feedback. - Community Room (https://discord.gg/refine): If you plan to work on an issue or a new feature, you can discuss it with other community members/maintainers here. You can also follow refine on Twitter (https://twitter.com/refine_dev) for updates and announcements. If you're interested in contributing to refine, you can learn how to do so here (https://refine.dev/docs/contributing/). ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
kapa.ai
kapa.ai2y ago
<@1066527438663860284> kapa.ai is still learning and improving, please let us know how it did by reacting below
stormy-gold
stormy-gold2y ago
Hey @stelarinc 👋 This is related to a dependency in our @refinedev/cli package, which is not included in the bundle and only used in the development environment. Let us investigate how to get rid of these warnings but these warnings are in safe area 🙏
like-gold
like-goldOP2y ago
That's great! Thank you!

Did you find this page helpful?