npm audit is flagging a TSOA sub-dependency as vulnerable:
$ npm audit
=== npm audit security report ===
# Run npm install [email protected] to resolve 2 vulnerabilities
Moderate Regular Expression Denial of Service
Package underscore.string
Dependency of tsoa
Path tsoa > handlebars-helpers > helper-markdown > remarkable >
argparse > underscore.string
More info https://nodesecurity.io/advisories/745
Moderate Regular Expression Denial of Service
Package underscore.string
Dependency of tsoa
Path tsoa > handlebars-helpers > helper-md > remarkable >
argparse > underscore.string
More info https://nodesecurity.io/advisories/745
found 2 moderate severity vulnerabilities in 7673 scanned packages
run `npm audit fix` to fix 2 of them.
Running npm install [email protected] does not fix this
Looks like handlebars-helpers hasn't been updated in a year. Maybe it's worth ditching the dependency, so people can make the decision for themselves whether it's worth keeping it around, if they need it for their templates.
This should be resolved in 2.3.6.
Most helpful comment
This should be resolved in 2.3.6.