minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via npm audit fix --force
Will install react-scripts@5.0.1, which is a breaking change
node_modules/recursive-readdir/node_modules/minimatch
recursive-readdir 1.2.0 - 2.2.2
Depends on vulnerable versions of minimatch
node_modules/recursive-readdir
nth-check <2.0.1
Severity: high
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via npm audit fix --force
Will install react-scripts@5.0.1, which is a breaking change
node_modules/svgo/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/svgo/node_modules/css-select
svgo 1.0.0 - 1.3.2
Depends on vulnerable versions of css-select
node_modules/svgo
@svgr/plugin-svgo <=5.5.0
Depends on vulnerable versions of svgo
node_modules/@svgr/plugin-svgo
@svgr/webpack 4.0.0 - 5.5.0
Depends on vulnerable versions of @svgr/plugin-svgo
node_modules/@svgr/webpack
postcss-svgo <=5.0.0-rc.2
Depends on vulnerable versions of postcss
Depends on vulnerable versions of svgo
node_modules/postcss-svgo
postcss <=8.4.30
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via npm audit fix --force
Will install react-scripts@5.0.1, which is a breaking change
node_modules/postcss
node_modules/resolve-url-loader/node_modules/postcss
autoprefixer 1.0.20131222 - 9.8.8
Depends on vulnerable versions of postcss
node_modules/autoprefixer
postcss-preset-env <=7.0.0
Depends on vulnerable versions of autoprefixer
Depends on vulnerable versions of css-blank-pseudo
Depends on vulnerable versions of css-has-pseudo
Depends on vulnerable versions of css-prefers-color-scheme
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-attribute-case-insensitive
Depends on vulnerable versions of postcss-color-functional-notation
Depends on vulnerable versions of postcss-color-gray
Depends on vulnerable versions of postcss-color-hex-alpha
Depends on vulnerable versions of postcss-color-mod-function
Depends on vulnerable versions of postcss-color-rebeccapurple
Depends on vulnerable versions of postcss-custom-media
Depends on vulnerable versions of postcss-custom-properties
Depends on vulnerable versions of postcss-custom-selectors
Depends on vulnerable versions of postcss-dir-pseudo-class
Depends on vulnerable versions of postcss-double-position-gradients
Depends on vulnerable versions of postcss-env-function
Depends on vulnerable versions of postcss-focus-visible
Depends on vulnerable versions of postcss-focus-within
Depends on vulnerable versions of postcss-font-variant
Depends on vulnerable versions of postcss-gap-properties
Depends on vulnerable versions of postcss-image-set-function
Depends on vulnerable versions of postcss-initial
Depends on vulnerable versions of postcss-lab-function
Depends on vulnerable versions of postcss-logical
Depends on vulnerable versions of postcss-media-minmax
Depends on vulnerable versions of postcss-nesting
Depends on vulnerable versions of postcss-overflow-shorthand
Depends on vulnerable versions of postcss-page-break
Depends on vulnerable versions of postcss-place
Depends on vulnerable versions of postcss-pseudo-class-any-link
Depends on vulnerable versions of postcss-replace-overflow-wrap
Depends on vulnerable versions of postcss-selector-matches
Depends on vulnerable versions of postcss-selector-not
node_modules/postcss-preset-env
css-blank-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-blank-pseudo
css-declaration-sorter <=5.1.2
Depends on vulnerable versions of postcss
node_modules/css-declaration-sorter
css-has-pseudo <=1.0.0
Depends on vulnerable versions of postcss
node_modules/css-has-pseudo
css-loader 0.15.0 - 4.3.0
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-modules-extract-imports
Depends on vulnerable versions of postcss-modules-local-by-default
Depends on vulnerable versions of postcss-modules-scope
Depends on vulnerable versions of postcss-modules-values
node_modules/css-loader
css-prefers-color-scheme <=4.0.0
Depends on vulnerable versions of postcss
node_modules/css-prefers-color-scheme
cssnano <=4.1.11
Depends on vulnerable versions of cssnano-preset-default
Depends on vulnerable versions of postcss
node_modules/cssnano
cssnano-preset-default <=4.0.8
Depends on vulnerable versions of css-declaration-sorter
Depends on vulnerable versions of cssnano-util-raw-cache
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-calc
Depends on vulnerable versions of postcss-colormin
Depends on vulnerable versions of postcss-convert-values
Depends on vulnerable versions of postcss-discard-comments
Depends on vulnerable versions of postcss-discard-duplicates
Depends on vulnerable versions of postcss-discard-empty
Depends on vulnerable versions of postcss-discard-overridden
Depends on vulnerable versions of postcss-merge-longhand
Depends on vulnerable versions of postcss-merge-rules
Depends on vulnerable versions of postcss-minify-font-values
Depends on vulnerable versions of postcss-minify-gradients
Depends on vulnerable versions of postcss-minify-params
Depends on vulnerable versions of postcss-minify-selectors
Depends on vulnerable versions of postcss-normalize-charset
Depends on vulnerable versions of postcss-normalize-display-values
Depends on vulnerable versions of postcss-normalize-positions
Depends on vulnerable versions of postcss-normalize-repeat-style
Depends on vulnerable versions of postcss-normalize-string
Depends on vulnerable versions of postcss-normalize-timing-functions
Depends on vulnerable versions of postcss-normalize-unicode
Depends on vulnerable versions of postcss-normalize-url
Depends on vulnerable versions of postcss-normalize-whitespace
Depends on vulnerable versions of postcss-ordered-values
Depends on vulnerable versions of postcss-reduce-initial
Depends on vulnerable versions of postcss-reduce-transforms
Depends on vulnerable versions of postcss-svgo
Depends on vulnerable versions of postcss-unique-selectors
node_modules/cssnano-preset-default
cssnano-util-raw-cache
Depends on vulnerable versions of postcss
node_modules/cssnano-util-raw-cache
icss-utils <=4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default <=4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-local-by-default
postcss-modules-values <=4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-values
postcss-attribute-case-insensitive <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-attribute-case-insensitive
postcss-browser-comments <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-browser-comments
postcss-normalize <=9.0.0
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-browser-comments
node_modules/postcss-normalize
postcss-calc 4.1.0 - 7.0.5
Depends on vulnerable versions of postcss
node_modules/postcss-calc
postcss-color-functional-notation <=3.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-color-functional-notation
postcss-color-gray >=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-gray
postcss-color-hex-alpha 1.3.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-hex-alpha
postcss-color-mod-function <=3.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-color-mod-function
postcss-color-rebeccapurple 1.2.0 - 6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-color-rebeccapurple
postcss-colormin <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-colormin
postcss-convert-values <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-convert-values
postcss-custom-media 4.0.0 - 7.0.8
Depends on vulnerable versions of postcss
node_modules/postcss-custom-media
postcss-custom-properties 3.3.0 - 10.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-custom-properties
postcss-custom-selectors 2.3.0 - 5.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-custom-selectors
postcss-dir-pseudo-class <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-dir-pseudo-class
postcss-discard-comments <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-comments
postcss-discard-duplicates 1.1.0 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-duplicates
postcss-discard-empty 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-empty
postcss-discard-overridden <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-overridden
postcss-double-position-gradients <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-double-position-gradients
postcss-env-function <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-env-function
postcss-flexbugs-fixes <=4.2.1
Depends on vulnerable versions of postcss
node_modules/postcss-flexbugs-fixes
postcss-focus-visible <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-visible
postcss-focus-within <=4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-focus-within
postcss-font-variant 1.2.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-font-variant
postcss-gap-properties <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-gap-properties
postcss-image-set-function <=3.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-image-set-function
postcss-initial <=3.0.4
Depends on vulnerable versions of postcss
node_modules/postcss-initial
postcss-lab-function <=3.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-lab-function
postcss-loader <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-loader
postcss-logical <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-logical
postcss-media-minmax 1.2.0 - 4.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-media-minmax
postcss-merge-longhand <=4.0.11
Depends on vulnerable versions of postcss
Depends on vulnerable versions of stylehacks
node_modules/postcss-merge-longhand
postcss-merge-rules <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-merge-rules
postcss-minify-font-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-font-values
postcss-minify-gradients <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-gradients
postcss-minify-params <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-params
postcss-minify-selectors <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-selectors
postcss-modules-extract-imports <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope <=2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
postcss-nesting <=7.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-nesting
postcss-normalize-charset <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-charset
postcss-normalize-display-values <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-display-values
postcss-normalize-positions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-positions
postcss-normalize-repeat-style <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-repeat-style
postcss-normalize-string <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-string
postcss-normalize-timing-functions <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-timing-functions
postcss-normalize-unicode <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-unicode
postcss-normalize-url 1.1.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-url
postcss-normalize-whitespace <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-whitespace
postcss-ordered-values <=4.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-ordered-values
postcss-overflow-shorthand <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-overflow-shorthand
postcss-page-break <=2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-page-break
postcss-place <=5.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-place
postcss-pseudo-class-any-link <=6.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-pseudo-class-any-link
postcss-reduce-initial <=4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-initial
postcss-reduce-transforms <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-transforms
postcss-replace-overflow-wrap <=3.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-replace-overflow-wrap
postcss-safe-parser <=4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-safe-parser
postcss-selector-matches
Depends on vulnerable versions of postcss
node_modules/postcss-selector-matches
postcss-selector-not <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-selector-not
postcss-unique-selectors <=4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-unique-selectors
stylehacks <=4.0.3
Depends on vulnerable versions of postcss
node_modules/stylehacks
request
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via npm audit fix
node_modules/request
jsdom 0.1.20 || 0.2.0 - 16.5.3
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-native
Depends on vulnerable versions of tough-cookie
node_modules/jest-environment-jsdom-fourteen/node_modules/jsdom
node_modules/jsdom
request-promise-core
Depends on vulnerable versions of request
node_modules/request-promise-core
request-promise-native >=1.0.0
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-core
Depends on vulnerable versions of tough-cookie
node_modules/request-promise-native
semver 6.0.0 - 6.3.0
Severity: high
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via npm audit fix --force
Will install react-scripts@5.0.1, which is a breaking change
node_modules/react-scripts/node_modules/semver
shell-quote <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via npm audit fix --force
Will install react-scripts@5.0.1, which is a breaking change
node_modules/shell-quote
webpack-dev-middleware <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
fix available via npm audit fix --force
Will install react-scripts@5.0.1, which is a breaking change
node_modules/webpack-dev-middleware
IInji
commented
1 day ago
minimatch <3.0.5 Severity: high minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via
npm audit fix --forceWill install react-scripts@5.0.1, which is a breaking change node_modules/recursive-readdir/node_modules/minimatch recursive-readdir 1.2.0 - 2.2.2 Depends on vulnerable versions of minimatch node_modules/recursive-readdirnode-forge <=1.2.1 Severity: high Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5 URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq Improper Verification of Cryptographic Signature in
node-forge- https://github.com/advisories/GHSA-2r2c-g63r-vccr Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgpImproper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765 Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g fix available via
npm audit fix --forceWill install react-scripts@5.0.1, which is a breaking change node_modules/node-forge selfsigned 1.1.1 - 1.10.14 Depends on vulnerable versions of node-forge node_modules/selfsignednode-notifier <8.0.1 Severity: moderate OS Command Injection in node-notifier - https://github.com/advisories/GHSA-5fw9-fq32-wv5p fix available via
npm audit fixnode_modules/node-notifiernth-check <2.0.1 Severity: high Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via
npm audit fix --forceWill install react-scripts@5.0.1, which is a breaking change node_modules/svgo/node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/svgo/node_modules/css-select svgo 1.0.0 - 1.3.2 Depends on vulnerable versions of css-select node_modules/svgo @svgr/plugin-svgo <=5.5.0 Depends on vulnerable versions of svgo node_modules/@svgr/plugin-svgo @svgr/webpack 4.0.0 - 5.5.0 Depends on vulnerable versions of @svgr/plugin-svgo node_modules/@svgr/webpack postcss-svgo <=5.0.0-rc.2 Depends on vulnerable versions of postcss Depends on vulnerable versions of svgo node_modules/postcss-svgopostcss <=8.4.30 Severity: moderate Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3 Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5 PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j fix available via
npm audit fix --forceWill install react-scripts@5.0.1, which is a breaking change node_modules/postcss node_modules/resolve-url-loader/node_modules/postcss autoprefixer 1.0.20131222 - 9.8.8 Depends on vulnerable versions of postcss node_modules/autoprefixer postcss-preset-env <=7.0.0 Depends on vulnerable versions of autoprefixer Depends on vulnerable versions of css-blank-pseudo Depends on vulnerable versions of css-has-pseudo Depends on vulnerable versions of css-prefers-color-scheme Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-attribute-case-insensitive Depends on vulnerable versions of postcss-color-functional-notation Depends on vulnerable versions of postcss-color-gray Depends on vulnerable versions of postcss-color-hex-alpha Depends on vulnerable versions of postcss-color-mod-function Depends on vulnerable versions of postcss-color-rebeccapurple Depends on vulnerable versions of postcss-custom-media Depends on vulnerable versions of postcss-custom-properties Depends on vulnerable versions of postcss-custom-selectors Depends on vulnerable versions of postcss-dir-pseudo-class Depends on vulnerable versions of postcss-double-position-gradients Depends on vulnerable versions of postcss-env-function Depends on vulnerable versions of postcss-focus-visible Depends on vulnerable versions of postcss-focus-within Depends on vulnerable versions of postcss-font-variant Depends on vulnerable versions of postcss-gap-properties Depends on vulnerable versions of postcss-image-set-function Depends on vulnerable versions of postcss-initial Depends on vulnerable versions of postcss-lab-function Depends on vulnerable versions of postcss-logical Depends on vulnerable versions of postcss-media-minmax Depends on vulnerable versions of postcss-nesting Depends on vulnerable versions of postcss-overflow-shorthand Depends on vulnerable versions of postcss-page-break Depends on vulnerable versions of postcss-place Depends on vulnerable versions of postcss-pseudo-class-any-link Depends on vulnerable versions of postcss-replace-overflow-wrap Depends on vulnerable versions of postcss-selector-matches Depends on vulnerable versions of postcss-selector-not node_modules/postcss-preset-env css-blank-pseudo <=1.0.0 Depends on vulnerable versions of postcss node_modules/css-blank-pseudo css-declaration-sorter <=5.1.2 Depends on vulnerable versions of postcss node_modules/css-declaration-sorter css-has-pseudo <=1.0.0 Depends on vulnerable versions of postcss node_modules/css-has-pseudo css-loader 0.15.0 - 4.3.0 Depends on vulnerable versions of icss-utils Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-modules-extract-imports Depends on vulnerable versions of postcss-modules-local-by-default Depends on vulnerable versions of postcss-modules-scope Depends on vulnerable versions of postcss-modules-values node_modules/css-loader css-prefers-color-scheme <=4.0.0 Depends on vulnerable versions of postcss node_modules/css-prefers-color-scheme cssnano <=4.1.11 Depends on vulnerable versions of cssnano-preset-default Depends on vulnerable versions of postcss node_modules/cssnano cssnano-preset-default <=4.0.8 Depends on vulnerable versions of css-declaration-sorter Depends on vulnerable versions of cssnano-util-raw-cache Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-calc Depends on vulnerable versions of postcss-colormin Depends on vulnerable versions of postcss-convert-values Depends on vulnerable versions of postcss-discard-comments Depends on vulnerable versions of postcss-discard-duplicates Depends on vulnerable versions of postcss-discard-empty Depends on vulnerable versions of postcss-discard-overridden Depends on vulnerable versions of postcss-merge-longhand Depends on vulnerable versions of postcss-merge-rules Depends on vulnerable versions of postcss-minify-font-values Depends on vulnerable versions of postcss-minify-gradients Depends on vulnerable versions of postcss-minify-params Depends on vulnerable versions of postcss-minify-selectors Depends on vulnerable versions of postcss-normalize-charset Depends on vulnerable versions of postcss-normalize-display-values Depends on vulnerable versions of postcss-normalize-positions Depends on vulnerable versions of postcss-normalize-repeat-style Depends on vulnerable versions of postcss-normalize-string Depends on vulnerable versions of postcss-normalize-timing-functions Depends on vulnerable versions of postcss-normalize-unicode Depends on vulnerable versions of postcss-normalize-url Depends on vulnerable versions of postcss-normalize-whitespace Depends on vulnerable versions of postcss-ordered-values Depends on vulnerable versions of postcss-reduce-initial Depends on vulnerable versions of postcss-reduce-transforms Depends on vulnerable versions of postcss-svgo Depends on vulnerable versions of postcss-unique-selectors node_modules/cssnano-preset-default cssnano-util-raw-cache Depends on vulnerable versions of postcss node_modules/cssnano-util-raw-cache icss-utils <=4.1.1 Depends on vulnerable versions of postcss node_modules/icss-utils postcss-modules-local-by-default <=4.0.0-rc.4 Depends on vulnerable versions of icss-utils Depends on vulnerable versions of postcss node_modules/postcss-modules-local-by-default postcss-modules-values <=4.0.0-rc.5 Depends on vulnerable versions of icss-utils Depends on vulnerable versions of postcss node_modules/postcss-modules-values postcss-attribute-case-insensitive <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-attribute-case-insensitive postcss-browser-comments <=3.0.0 Depends on vulnerable versions of postcss node_modules/postcss-browser-comments postcss-normalize <=9.0.0 Depends on vulnerable versions of postcss Depends on vulnerable versions of postcss-browser-comments node_modules/postcss-normalize postcss-calc 4.1.0 - 7.0.5 Depends on vulnerable versions of postcss node_modules/postcss-calc postcss-color-functional-notation <=3.0.2 Depends on vulnerable versions of postcss node_modules/postcss-color-functional-notation postcss-color-gray >=3.0.0 Depends on vulnerable versions of postcss node_modules/postcss-color-gray postcss-color-hex-alpha 1.3.0 - 6.0.0 Depends on vulnerable versions of postcss node_modules/postcss-color-hex-alpha postcss-color-mod-function <=3.0.3 Depends on vulnerable versions of postcss node_modules/postcss-color-mod-function postcss-color-rebeccapurple 1.2.0 - 6.0.0 Depends on vulnerable versions of postcss node_modules/postcss-color-rebeccapurple postcss-colormin <=4.0.3 Depends on vulnerable versions of postcss node_modules/postcss-colormin postcss-convert-values <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-convert-values postcss-custom-media 4.0.0 - 7.0.8 Depends on vulnerable versions of postcss node_modules/postcss-custom-media postcss-custom-properties 3.3.0 - 10.0.0 Depends on vulnerable versions of postcss node_modules/postcss-custom-properties postcss-custom-selectors 2.3.0 - 5.1.2 Depends on vulnerable versions of postcss node_modules/postcss-custom-selectors postcss-dir-pseudo-class <=5.0.0 Depends on vulnerable versions of postcss node_modules/postcss-dir-pseudo-class postcss-discard-comments <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-discard-comments postcss-discard-duplicates 1.1.0 - 4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-discard-duplicates postcss-discard-empty 1.1.0 - 4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-discard-empty postcss-discard-overridden <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-discard-overridden postcss-double-position-gradients <=2.0.0 Depends on vulnerable versions of postcss node_modules/postcss-double-position-gradients postcss-env-function <=3.0.0 Depends on vulnerable versions of postcss node_modules/postcss-env-function postcss-flexbugs-fixes <=4.2.1 Depends on vulnerable versions of postcss node_modules/postcss-flexbugs-fixes postcss-focus-visible <=5.0.0 Depends on vulnerable versions of postcss node_modules/postcss-focus-visible postcss-focus-within <=4.0.0 Depends on vulnerable versions of postcss node_modules/postcss-focus-within postcss-font-variant 1.2.0 - 4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-font-variant postcss-gap-properties <=2.0.0 Depends on vulnerable versions of postcss node_modules/postcss-gap-properties postcss-image-set-function <=3.0.1 Depends on vulnerable versions of postcss node_modules/postcss-image-set-function postcss-initial <=3.0.4 Depends on vulnerable versions of postcss node_modules/postcss-initial postcss-lab-function <=3.1.2 Depends on vulnerable versions of postcss node_modules/postcss-lab-function postcss-loader <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-loader postcss-logical <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-logical postcss-media-minmax 1.2.0 - 4.0.0 Depends on vulnerable versions of postcss node_modules/postcss-media-minmax postcss-merge-longhand <=4.0.11 Depends on vulnerable versions of postcss Depends on vulnerable versions of stylehacks node_modules/postcss-merge-longhand postcss-merge-rules <=4.0.3 Depends on vulnerable versions of postcss node_modules/postcss-merge-rules postcss-minify-font-values <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-font-values postcss-minify-gradients <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-gradients postcss-minify-params <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-params postcss-minify-selectors <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-minify-selectors postcss-modules-extract-imports <=2.0.0 Depends on vulnerable versions of postcss node_modules/postcss-modules-extract-imports postcss-modules-scope <=2.2.0 Depends on vulnerable versions of postcss node_modules/postcss-modules-scope postcss-nesting <=7.0.1 Depends on vulnerable versions of postcss node_modules/postcss-nesting postcss-normalize-charset <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-normalize-charset postcss-normalize-display-values <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-display-values postcss-normalize-positions <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-positions postcss-normalize-repeat-style <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-repeat-style postcss-normalize-string <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-string postcss-normalize-timing-functions <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-timing-functions postcss-normalize-unicode <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-normalize-unicode postcss-normalize-url 1.1.0 - 4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-normalize-url postcss-normalize-whitespace <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-normalize-whitespace postcss-ordered-values <=4.1.2 Depends on vulnerable versions of postcss node_modules/postcss-ordered-values postcss-overflow-shorthand <=2.0.0 Depends on vulnerable versions of postcss node_modules/postcss-overflow-shorthand postcss-page-break <=2.0.0 Depends on vulnerable versions of postcss node_modules/postcss-page-break postcss-place <=5.0.0 Depends on vulnerable versions of postcss node_modules/postcss-place postcss-pseudo-class-any-link <=6.0.0 Depends on vulnerable versions of postcss node_modules/postcss-pseudo-class-any-link postcss-reduce-initial <=4.0.3 Depends on vulnerable versions of postcss node_modules/postcss-reduce-initial postcss-reduce-transforms <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-reduce-transforms postcss-replace-overflow-wrap <=3.0.0 Depends on vulnerable versions of postcss node_modules/postcss-replace-overflow-wrap postcss-safe-parser <=4.0.2 Depends on vulnerable versions of postcss node_modules/postcss-safe-parser postcss-selector-matches Depends on vulnerable versions of postcss node_modules/postcss-selector-matches postcss-selector-not <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-selector-not postcss-unique-selectors <=4.0.1 Depends on vulnerable versions of postcss node_modules/postcss-unique-selectors stylehacks <=4.0.3 Depends on vulnerable versions of postcss node_modules/stylehacksrequest Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie fix available via
npm audit fixnode_modules/request jsdom 0.1.20 || 0.2.0 - 16.5.3 Depends on vulnerable versions of request Depends on vulnerable versions of request-promise-native Depends on vulnerable versions of tough-cookie node_modules/jest-environment-jsdom-fourteen/node_modules/jsdom node_modules/jsdom request-promise-core Depends on vulnerable versions of request node_modules/request-promise-core request-promise-native >=1.0.0 Depends on vulnerable versions of request Depends on vulnerable versions of request-promise-core Depends on vulnerable versions of tough-cookie node_modules/request-promise-nativesemver 6.0.0 - 6.3.0 Severity: high semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw fix available via
npm audit fix --forceWill install react-scripts@5.0.1, which is a breaking change node_modules/react-scripts/node_modules/semvershell-quote <=1.7.2 Severity: critical Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7 fix available via
npm audit fix --forceWill install react-scripts@5.0.1, which is a breaking change node_modules/shell-quotetough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 fix available via
npm audit fixnode_modules/tough-cookiewebpack-dev-middleware <=5.3.3 Severity: high Path traversal in webpack-dev-middleware - https://github.com/advisories/GHSA-wr3j-pwj9-hqq6 fix available via
npm audit fix --forceWill install react-scripts@5.0.1, which is a breaking change node_modules/webpack-dev-middleware152 vulnerabilities (1 low, 122 moderate, 26 high, 3 critical)
To address issues that do not require attention, run: npm audit fix
To address all issues (including breaking changes), run: npm audit fix --force