Orca flags vulnerability in tmp package #10156

@aman-rai-a1

Orca is flagging a vulnerability in the tmp package, thus blocking deployment.

yarn why v1.22.19
[1/4] 🤔  Why do we have the module "tmp"...?
[2/4] 🚚  Initialising dependency graph...
(node:25227) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
(Use `node --trace-deprecation ...` to show where the warning was created)
warning Resolution field "[email protected]" is incompatible with requested version "es5-ext@^0.10.64"
warning Resolution field "[email protected]" is incompatible with requested version "thrift@^0.9.3"
warning Resolution field "[email protected]" is incompatible with requested version "tmp@^0.0.33"
warning Resolution field "[email protected]" is incompatible with requested version "tmp@^0.1.0"
[3/4] 🔍  Finding dependency...
[4/4] 🚡  Calculating file sizes...
=> Found "[email protected]"
info Reasons this module exists
   - "_project_#@cubejs-backend#elasticsearch-driver#testcontainers" depends on it
   - Hoisted from "_project_#@cubejs-backend#elasticsearch-driver#testcontainers#tmp"
   - Hoisted from "_project_#lerna#@nx#devkit#tmp"
   - Hoisted from "_project_#lerna#nx#tmp"
   - Hoisted from "_project_#@cubejs-backend#testing#cypress#tmp"
   - Hoisted from "_project_#cubejs-cli#inquirer#external-editor#tmp"
   - Hoisted from "_project_#@cubejs-backend#server#@oclif#dev-cli#qqjs#tmp"
info Disk size without dependencies: "52KB"
info Disk size with unique dependencies: "52KB"
info Disk size with transitive dependencies: "52KB"
info Number of shared dependencies: 0
✨  Done in 0.62s.

@paveltiunov Could you please suggest what could be done?

Labels: security