NGRP / node-red-contrib-viseo

Node-RED nodes OpenSourced by VISEO Technologies
Apache License 2.0
226 stars 83 forks

npm audit: Spreadsheet and helper: Prototype pollution #147

Open j2l opened 4 years ago

j2l commented 4 years ago

Hi. Well, I'm going to have to uninstall my viseo modules for the moment.

It generates errors in audit

 npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ extend                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.0.2 <3.0.0 || >=3.0.2                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ node-red-contrib-viseo-google-spreadsheet                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ node-red-contrib-viseo-google-spreadsheet >                  │
│               │ node-red-viseo-helper > extend                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/996                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 moderate severity vulnerability in 1105 scanned packages
  1 vulnerability requires manual review. See the full report for details.
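
The "Patched in" range and the dependency path in the report above can be checked mechanically. As an added example (not part of the original issue or the project's code), this script walks an `npm ls --json`-style tree and lists every path to an `extend` copy outside the patched range; the sample tree, its version numbers and `hypothetical-other-package` are constructed, and the range matcher handles only the `>=`, `<` and `||` forms that appear in the report.

```javascript
// Range from the "Patched in" row of the audit report above.
const PATCHED = '>=2.0.2 <3.0.0 || >=3.0.2';

// Compare two x.y.z versions; pre-release/build suffixes are ignored (simplification).
function compare(a, b) {
  const parse = v => v.split(/[-+]/)[0].split('.').map(Number);
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Supports only what the report's range uses: ">=", "<" and "||" alternatives.
function satisfies(version, range) {
  return range.split('||').some(alt =>
    alt.trim().split(/\s+/).every(term => {
      const m = /^(>=|<)(\d+\.\d+\.\d+)$/.exec(term);
      if (!m) throw new Error(`unsupported comparator: ${term}`);
      const c = compare(version, m[2]);
      return m[1] === '>=' ? c >= 0 : c < 0;
    }));
}

// Walk the tree and return every dependency path ending in an unpatched copy.
function findUnpatched(node, name, range, path = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = path.concat(dep);
    if (dep === name && !satisfies(info.version, range)) {
      hits.push({ path: here.join(' > '), version: info.version });
    }
    // Nested copies can differ in version, so keep descending.
    hits.push(...findUnpatched(info, name, range, here));
  }
  return hits;
}

// Constructed sample tree: all version numbers here are invented for illustration.
const sampleTree = { dependencies: {
  'node-red-contrib-viseo-google-spreadsheet': { version: '0.0.0', dependencies: {
    'node-red-viseo-helper': { version: '0.0.0', dependencies: {
      extend: { version: '3.0.1' } } } } },
  'hypothetical-other-package': { version: '0.0.0', dependencies: {
    extend: { version: '3.0.2' } } },
} };

console.log(findUnpatched(sampleTree, 'extend', PATCHED));
```

On a real install, the tree would come from parsing the JSON that `npm ls --json` prints in place of `sampleTree`.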