IBM / nodejs-itoolkit

A JavaScript (Node.js) library for communicating with IBM i
MIT License

build: run npm audit fix #381

Closed abmusse closed 1 year ago

abmusse commented 1 year ago

Pulled down the latest main branch and ran npm audit:

$ npm audit

get-func-name  <2.0.1
Severity: high
Chaijs/get-func-name vulnerable to ReDoS - https://github.com/advisories/GHSA-4q6p-r6v2-jvc5
fix available via `npm audit fix`
node_modules/get-func-name

json5  <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

semver  6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/@release-it/conventional-changelog/node_modules/semver
node_modules/eslint-config-airbnb-base/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/semver
  @release-it/conventional-changelog  5.1.1 - 7.0.0
  Depends on vulnerable versions of semver
  node_modules/@release-it/conventional-changelog

4 vulnerabilities (2 moderate, 2 high)

After running npm audit fix there are 0 vulnerabilities.