ssri 6.0.1 vulnerability

[networkandcode]

Hi, Prisma cloud scan for our docker container which has node 12 and npm 6.14.12 detected a vulnerability for the ssri 6.0.1 package. Any solution for this please.

Description of the vulnerability and fix below:
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

Steps in Dockerfile we used to install node12 and npm:

RUN curl -sL https://deb.nodesource.com/setup_12.x | bash 
RUN apt install -y nodejs

# Upgrade npm to 6.14.12
RUN npm install npm@6 -g

[nlf]

we've already published [email protected] that resolves this vulnerability and [email protected] that includes this update. advisory databases are still being updated to reflect the fix.

[networkandcode]

@nlf not sure why the scan still shows [email protected] even after updating npm to 6.14.12

[dywilson-firstam]

@networkandcode, fyi the upgrade to [email protected] was done in npm 6.14.13.

@nlf, am I to assume the upgrade to [email protected] also in npm 6.14.13 was to resolve CVE-2021-23362?