Older tap dependency is pulling in audit / security issues #87

@jeking3

I am updating grunt-shell-spawn to align with grunt 1.6.

```
jaseking@dev-dsk-jaseking-1e-9d9eb63c] npm ls tap
grunt-shell-spawn@0.5.0 /workplace/jaseking/grunt-shell-spawn
└─┬ grunt-contrib-nodeunit@5.0.0
  └─┬ nodeunit-x@0.16.0
    └── tap@16.3.10
npm WARN audit fix @babel/helpers@7.23.6 node_modules/tap/node_modules/@babel/helpers
npm WARN audit fix @babel/helpers@7.23.6 is a bundled dependency of
npm WARN audit fix @babel/helpers@7.23.6 tap@16.3.10 at node_modules/tap
npm WARN audit fix @babel/helpers@7.23.6 It cannot be fixed automatically.
npm WARN audit fix @babel/helpers@7.23.6 Check for updates to the tap package.
npm WARN audit fix ws@7.5.9 node_modules/tap/node_modules/ws
npm WARN audit fix ws@7.5.9 is a bundled dependency of
npm WARN audit fix ws@7.5.9 tap@16.3.10 at node_modules/tap
npm WARN audit fix ws@7.5.9 It cannot be fixed automatically.
npm WARN audit fix ws@7.5.9 Check for updates to the tap package.

up to date, audited 448 packages in 1s

41 packages are looking for funding
  run `npm fund` for details

# npm audit report

@babel/helpers  <7.26.10
Severity: moderate
Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
fix available via `npm audit fix`
node_modules/tap/node_modules/@babel/helpers

ws  7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/tap/node_modules/ws

2 vulnerabilities (1 moderate, 1 high)

To address all issues, run:
  npm audit fix
```
