Vulnerable dependencies on forever@4.0.1 #1121
Comments
|
still happening for |
|
This still seems to be an issue. I'm using forever # npm audit report
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install forever@0.14.2, which is a breaking change
node_modules/chokidar/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/chokidar
forever-monitor >=1.6.0
Depends on vulnerable versions of chokidar
node_modules/forever-monitor
forever >=0.10.11
Depends on vulnerable versions of flatiron
Depends on vulnerable versions of forever-monitor
node_modules/forever
minimist <0.2.1
Severity: moderate
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install forever@0.14.2, which is a breaking change
node_modules/optimist/node_modules/minimist
optimist >=0.6.0
Depends on vulnerable versions of minimist
node_modules/optimist
flatiron >=0.3.9
Depends on vulnerable versions of optimist
node_modules/flatiron
forever >=0.10.11
Depends on vulnerable versions of flatiron
Depends on vulnerable versions of forever-monitor
node_modules/forever
nconf 0.6.9 - 0.7.1
Depends on vulnerable versions of optimist
node_modules/nconf
broadway 0.2.9 - 0.3.6
Depends on vulnerable versions of nconf
node_modules/broadway
9 vulnerabilities (5 moderate, 4 high)``` |
|
Still an issue. changed 297 packages, and audited 298 packages in 4s 44 packages are looking for funding 13 vulnerabilities (1 moderate, 11 high, 1 critical) audit fix won't solve the problem |
Snyk report is showing multiple vulnerable dependencies on latest version of this repo.
1 high, 2 Medium, 1 low in severity
https://snyk.io/test/npm/forever
Do you have any fix in the pipeline or an ETA on when this will be patched and resolved?
Thanks,
The text was updated successfully, but these errors were encountered: