You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
❯ npm audit
# npm audit report
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix`
node_modules/request
semver <5.7.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install prebuild@7.2.2, which is a breaking change
node_modules/nw-gyp/node_modules/semver
nw-gyp *
Depends on vulnerable versions of request
Depends on vulnerable versions of semver
Depends on vulnerable versions of tar
node_modules/nw-gyp
prebuild >=4.0.0
Depends on vulnerable versions of node-ninja
Depends on vulnerable versions of nw-gyp
node_modules/prebuild
tar <=6.2.0
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix --force`
Will install prebuild@7.2.2, which is a breaking change
node_modules/node-ninja/node_modules/tar
node_modules/nw-gyp/node_modules/tar
node-ninja *
Depends on vulnerable versions of request
Depends on vulnerable versions of tar
node_modules/node-ninja
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/tough-cookie
7 vulnerabilities (3 moderate, 4 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
It would be nice to resolve these somehow... They are causing noise in dependabot and others.
The text was updated successfully, but these errors were encountered:
It would be nice to resolve these somehow... They are causing noise in dependabot and others.
The text was updated successfully, but these errors were encountered: