RDFLib / prez-ui

BSD 3-Clause "New" or "Revised" License
Update npm vulnerabilities from security audit #76

Closed edmondchuc closed 1 year ago

edmondchuc commented 1 year ago

Below is as reported by SRA.

=== npm audit security report ===

# Run  npm update vite --depth 2  to resolve 2 vulnerabilities

  High            Vite Server Options (server.fs.deny) can be bypassed using
                  double forward-slash (//)
  Package         vite
  Dependency of   vite
  Path            vite
  More info       https://github.com/advisories/GHSA-353f-5xf4-qw67

  High            Vite Server Options (server.fs.deny) can be bypassed using
                  double forward-slash (//)
  Package         vite
  Dependency of   vitest [dev]
  Path            vitest > vite
  More info       https://github.com/advisories/GHSA-353f-5xf4-qw67

                                 Manual Review
             Some vulnerabilities require your attention to resolve
          Visit https://go.npm.me/audit-guide for additional guidance

  Moderate        semver vulnerable to Regular Expression Denial of Service
  Package         semver
  Patched in      >=7.5.2
  Dependency of   @triply/yasqe
  Path            @triply/yasqe > superagent > semver
  More info       https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

  Moderate        semver vulnerable to Regular Expression Denial of Service
  Package         semver
  Patched in      >=7.5.2
  Dependency of   @triply/yasr
  Path            @triply/yasr > @triply/yasqe > superagent > semver
  More info       https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

  Moderate        semver vulnerable to Regular Expression Denial of Service
  Package         semver
  Patched in      >=7.5.2
  Dependency of   npm-run-all [dev]
  Path            npm-run-all > cross-spawn > semver
  More info       https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

  Moderate        semver vulnerable to Regular Expression Denial of Service
  Package         semver
  Patched in      >=7.5.2
  Dependency of   npm-run-all [dev]
  Path            npm-run-all > read-pkg > normalize-package-data > semver
  More info       https://github.com/advisories/GHSA-c2qf-rxjj-qqgw

  Moderate        word-wrap vulnerable to Regular Expression Denial of Service
  Package         word-wrap
  Patched in      No patch available
  Dependency of   jsdom [dev]
  Path            jsdom > escodegen > optionator > word-wrap
  More info       https://github.com/advisories/GHSA-j8xg-fqg3-53r7

found 7 vulnerabilities (5 moderate, 2 high) in 347 scanned packages
  run `npm audit fix` to fix 2 of them.
  5 vulnerabilities require manual review. See the full report for details.