Open
Description
The current code base uses versions of dependencies with several identified vulnerabilities:
Moderate Cross-site Scripting in sanitize-url
Package @braintree/sanitize-url
Patched in >=6.0.0
Dependency of code-to-graph
Path code-to-graph > mermaid > @braintree/sanitize-url
More info https://github.com/advisories/GHSA-hqq7-2q2v-82xq
Moderate Possible inject arbitrary `CSS` into the generated graph affecting the container HTML
Package mermaid
Patched in >=9.1.2
Dependency of code-to-graph
Path code-to-graph > mermaid
More info https://github.com/advisories/GHSA-x3vm-38hw-55wf
High d3-color vulnerable to ReDoS
Package d3-color
Patched in >=3.1.0
Dependency of code-to-graph
Path code-to-graph > mermaid > dagre-d3 > d3 > d3-color
More info https://github.com/advisories/GHSA-36jr-mh4h-2g58
High d3-color vulnerable to ReDoS
Package d3-color
Patched in >=3.1.0
Dependency of code-to-graph
Path code-to-graph > mermaid > dagre-d3 > d3 > d3-interpolate > d3-color
More info https://github.com/advisories/GHSA-36jr-mh4h-2g58
High d3-color vulnerable to ReDoS
Package d3-color
Patched in >=3.1.0
Dependency of code-to-graph
Path code-to-graph > mermaid > dagre-d3 > d3 > d3-brush > d3-interpolate > d3-color
More info https://github.com/advisories/GHSA-36jr-mh4h-2g58
High d3-color vulnerable to ReDoS
Package d3-color
Patched in >=3.1.0
Dependency of code-to-graph
Path code-to-graph > mermaid > dagre-d3 > d3 > d3-brush > d3-transition > d3-interpolate > d3-color
More info https://github.com/advisories/GHSA-36jr-mh4h-2g58