npm audit fix #76

Open
wants to merge 1 commit into
base: master

@ooxi ooxi commented Jun 27, 2022

Versions of some indirect dependencies had to be bumped. The version in package-lock.json was also updated with the version from package.json.


# npm audit report

ansi-regex  4.0.0 - 4.1.0
Severity: high
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/cliui/node_modules/ansi-regex
node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/yargs/node_modules/ansi-regex

async  2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async

follow-redirects  <=1.14.7
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
fix available via `npm audit fix`
node_modules/follow-redirects

json-schema  <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
  jsprim  0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
  Depends on vulnerable versions of json-schema
  node_modules/jsprim

minimist  <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist

nanoid  3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid

node-forge  <=1.2.1
Severity: moderate
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
fix available via `npm audit fix`
node_modules/node-forge
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned
    webpack-dev-server  2.5.0 - 4.7.2
    Depends on vulnerable versions of selfsigned
    node_modules/webpack-dev-server

node-sass  2.0.0 - 6.0.1
Severity: moderate
Improper Certificate Validation in node-sass - https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
fix available via `npm audit fix`
node_modules/node-sass
  sass-loader  0.4.0-beta.1 - 6.0.7 || 8.0.0 - 12.3.0
  Depends on vulnerable versions of node-sass
  node_modules/sass-loader

12 vulnerabilities (6 moderate, 3 high, 3 critical)

To address all issues, run:
  npm audit fix

Version of some indirect dependencies had to be bumped.