我们切换到最新版本 (21) 的 cloud-s4-sdk-pipeline。新功能有效,但除了最新的依赖版本外,我们还会遇到npm 依赖审计错误。
调查结果摘要
• High Arbitrary File Overwrite vulnerability found in dependency "tar", see https://npmjs.com/advisories/803 for details.
• High Code Injection vulnerability found in dependency "js-yaml", see https://npmjs.com/advisories/813 for details.
• Moderate Regular Expression Denial of Service vulnerability found in dependency "mime", see https://npmjs.com/advisories/535 for details.
• Moderate Regular Expression Denial of Service vulnerability found in dependency "underscore.string", see https://npmjs.com/advisories/745 for details.
• Moderate Prototype Pollution vulnerability found in dependency "lodash", see https://npmjs.com/advisories/782 for details.
• Moderate Denial of Service vulnerability found in dependency "js-yaml", see https://npmjs.com/advisories/788 for details.
你有过类似的问题吗?有可用的解决方案吗?