Older tap dependency is pulling in audit / security issues #87

@jeking3

I am updating grunt-shell-spawn to align with grunt 1.6.

jaseking@dev-dsk-jaseking-1e-9d9eb63c] npm ls tap
[email protected] /workplace/jaseking/grunt-shell-spawn
└─┬ [email protected]
  └─┬ [email protected]
    └── [email protected]
npm WARN audit fix @babel/[email protected] node_modules/tap/node_modules/@babel/helpers
npm WARN audit fix @babel/[email protected] is a bundled dependency of
npm WARN audit fix @babel/[email protected] [email protected] at node_modules/tap
npm WARN audit fix @babel/[email protected] It cannot be fixed automatically.
npm WARN audit fix @babel/[email protected] Check for updates to the tap package.
npm WARN audit fix [email protected] node_modules/tap/node_modules/ws
npm WARN audit fix [email protected] is a bundled dependency of
npm WARN audit fix [email protected] [email protected] at node_modules/tap
npm WARN audit fix [email protected] It cannot be fixed automatically.
npm WARN audit fix [email protected] Check for updates to the tap package.

up to date, audited 448 packages in 1s

41 packages are looking for funding
  run `npm fund` for details

# npm audit report

@babel/helpers  <7.26.10
Severity: moderate
Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
fix available via `npm audit fix`
node_modules/tap/node_modules/@babel/helpers

ws  7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/tap/node_modules/ws

2 vulnerabilities (1 moderate, 1 high)

To address all issues, run:
  npm audit fix
