mongodb requires
credential-providers requires
client-cognito-identity requires
middleware-signing requires
signature-v4 (upgraded) requires
evenstream-codec requires
crc32

tslib is a dependency of crc32

...took some digging

Root cause is that a well nested dependency of mongodb, that isn't even used directly in this app, threw a vuln

From running npm audit

# npm audit report

fast-xml-parser  <4.2.4
Severity: high
fast-xml-parser vulnerable to Regex Injection via Doctype Entities - https://github.com/advisories/GHSA-6w63-h3fj-q4vw
fix available via `npm audit fix`
node_modules/fast-xml-parser
  @aws-sdk/client-sts  <=3.54.1 || 3.55.0 - 3.186.1 || 3.188.0 - 3.335.0 || 3.337.0 - 3.347.0
  Depends on vulnerable versions of fast-xml-parser
  node_modules/@aws-sdk/client-sts
    @aws-sdk/client-cognito-identity  3.12.0 - 3.54.1 || 3.55.0 - 3.347.0
    Depends on vulnerable versions of @aws-sdk/client-sts
    node_modules/@aws-sdk/client-cognito-identity
      @aws-sdk/credential-provider-cognito-identity  3.12.0 - 3.347.0
      Depends on vulnerable versions of @aws-sdk/client-cognito-identity
      node_modules/@aws-sdk/credential-provider-cognito-identity
    @aws-sdk/credential-providers  <=3.347.0
    Depends on vulnerable versions of @aws-sdk/client-sts
    node_modules/@aws-sdk/credential-providers

move from master

This revision was landed with ongoing or failed builds.Jun 13 2023, 16:49

Closed by commit rABC198545d6cddb: [alias-server] Run npm audit fix to update dependencies (authored by bytesofman). · Explain Why

This revision was automatically updated to reflect the committed changes.

bytesofman added a commit: rABC198545d6cddb: [alias-server] Run npm audit fix to update dependencies.

Harbormaster completed remote builds in B24020: Diff 40763.Jun 13 2023, 16:50

bytesofman removed a child revision: D14046: [alias-server] Move aliasConstants out of config and into constants dir.Jun 13 2023, 16:51