Description
Project environment details:
Node : 20.19.2
NPM : 11.1.4
React : 18.2.0
React-multi-carousel : 2.8.6
brace-expansion : 2.0.1
Description:
In my project we are using the 'react-multi-carousel (v2.8.6)' package, which is indirectly dependent on the 'brace-expansion (v2.0.0)' package. Recently a new version of 'brace-expansion (v2.0.1)' was launched, which is not compatible with the current version of 'react-multi-carousel' and is causing CI/CD pipeline failures. (I was working well with v2.0.0 of brace-expansion.)
npm audit report
brace-expansion 2.0.0 - 2.0.1
brace-expansion Regular Expression Denial of Service vulnerability - GHSA-v6h2-p8h4-qcjw
fix available via npm audit fix
node_modules/npm/node_modules/brace-expansion
1 low severity vulnerability
After running npm audit fix, the warnings below are shown:
npm audit fix
npm warn audit fix [email protected] node_modules/npm/node_modules/brace-expansion
npm warn audit fix [email protected] is a bundled dependency of
npm warn audit fix [email protected] [email protected] at node_modules/npm
npm warn audit fix [email protected] It cannot be fixed automatically.
npm warn audit fix [email protected] Check for updates to the npm package.
Upgraded npm to the latest version that includes brace-expansion ≥ 2.0.2, but no luck!
Need your support in order to resolve this issue. Thank you.
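The audit output quoted in this issue places the flagged copy at node_modules/npm/node_modules/brace-expansion and calls it a bundled dependency of npm. The following is an added example, not part of the original issue or of any project's code: it reads a report in the shape `npm audit --json` emits and labels each vulnerable copy by the package folder that contains it. The sample report is constructed to mirror the output above, and the function names are hypothetical.

```javascript
// Added example (not from the issue). SAMPLE_REPORT is constructed to mirror
// the audit output quoted above, in the shape `npm audit --json` emits
// (auditReportVersion 2). Function names are hypothetical.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "brace-expansion": {
      name: "brace-expansion",
      severity: "low",
      range: "2.0.0 - 2.0.1",
      nodes: ["node_modules/npm/node_modules/brace-expansion"],
      fixAvailable: true,
    },
  },
};

// Name of the package whose folder contains the vulnerable copy, or null
// when the copy sits directly in the project's top-level node_modules.
function owningPackage(nodePath) {
  const chain = nodePath
    .split("node_modules/")
    .filter(Boolean)
    .map((segment) => segment.replace(/\/$/, ""));
  return chain.length > 1 ? chain[chain.length - 2] : null;
}

// One row per installed copy, labelled by where it lives.
function triage(report) {
  return Object.values(report.vulnerabilities || {}).flatMap((vuln) =>
    (vuln.nodes || []).map((nodePath) => {
      const owner = owningPackage(nodePath);
      let location = "top-level";
      if (owner === "npm") location = "bundled-in-local-npm";
      else if (owner) location = "nested";
      return { name: vuln.name, severity: vuln.severity, path: nodePath, owner, location };
    })
  );
}

// Findings limited to copies shipped inside a locally installed npm: these
// change only when that npm package itself is updated or removed.
function bundledInNpm(report) {
  return triage(report).filter((row) => row.location === "bundled-in-local-npm");
}

console.log(triage(SAMPLE_REPORT));
```

To run it on a real project, replace SAMPLE_REPORT with the parsed output of `npm audit --json`.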