Open
Description
Steps to reproduce:

npm i aws-lambda-ric@4.0.1
npm audit

# npm audit report

minimatch  <10.2.1
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
fix available via `npm audit fix --force`
Will install aws-lambda-ric@1.0.0, which is a breaking change
node_modules/minimatch
  glob  3.0.0 - 10.5.0
  Depends on vulnerable versions of minimatch
  node_modules/glob
    cacache  6.1.1 - 19.0.1
    Depends on vulnerable versions of glob
    node_modules/cacache
      make-fetch-happen  <=14.0.3
      Depends on vulnerable versions of cacache
      node_modules/make-fetch-happen
        node-gyp  8.0.0 - 11.5.0
        Depends on vulnerable versions of make-fetch-happen
        node_modules/node-gyp
          aws-lambda-ric  >=1.1.0
          Depends on vulnerable versions of node-gyp
          node_modules/aws-lambda-ric

6 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force