Critical vulnerabilities found in npm audit

[prashiknikumbe-tf]

I am on latest version
"openapi-snippet": "^0.14.0",

[julian-alarcon]

It could be related to a vulnerability in version of httpsnippet used, as it is using an old ansi-regex.

httpsnippet "2.0.0" -> chalk "1.1.3" -> strip-ansi "3.0.1" -> ansi-regex "2.1.1"

or

tap-spec "5.0.0" -> chalk "1.1.3" -> has-ansi "2.0.0" -> ansi-regex "2.1.1"

It is also related with PR: #98 (comment)

httpsnippet was fixed in PR: Kong/httpsnippet@66baca6#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519

tap-spec is still vulnerable (https://github.com/scottcorgan/tap-spec/blob/master/package.json#L26), but as this is a devDependency, this is not that critical https://github.com/ErikWittern/openapi-snippet/blob/main/package.json#L29

[apgmartin]

It could be related to a vulnerability in version of httpsnippet used, as it is using an old ansi-regex.

httpsnippet "2.0.0" -> chalk "1.1.3" -> strip-ansi "3.0.1" -> ansi-regex "2.1.1"

or

tap-spec "5.0.0" -> chalk "1.1.3" -> has-ansi "2.0.0" -> ansi-regex "2.1.1"

It is also related with PR: #98 (comment)

httpsnippet was fixed in PR: Kong/httpsnippet@66baca6#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519

tap-spec is still vulnerable (https://github.com/scottcorgan/tap-spec/blob/master/package.json#L26), but as this is a devDependency, this is not that critical https://github.com/ErikWittern/openapi-snippet/blob/main/package.json#L29

Perhaps I misunderstood your comment but it is form-data that is the root cause of this vulnerability warning