Open tobiasqueck opened 7 months ago
Description

The following dependencies have issues:

| moderate | NPM IP package incorrectly identifies some private IP addresses as public |
| --- | --- |
| Package | ip |
| Vulnerable versions | =2.0.0 |
| Patched versions | >=2.0.1 |
| Paths | examples/simple-generator > yeoman-generator@5.9.0 > pacote@15.2.0 > @npmcli/run-script@6.0.2 > node-gyp@9.4.0 > make-fetch-happen@11.1.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0<br>examples/simple-generator > yeoman-generator@5.9.0 > pacote@15.2.0 > npm-registry-fetch@14.0.5 > make-fetch-happen@11.1.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0<br>examples/simple-generator > yeoman-generator@5.9.0 > pacote@15.2.0 > sigstore@1.8.0 > @sigstore/tuf@1.0.3 > tuf-js@1.1.7 > make-fetch-happen@11.1.1 > socks-proxy-agent@7.0.0 > socks@2.7.1 > ip@2.0.0<br>... Found 10 paths, run `pnpm why ip` for more information |
| More info | https://github.com/advisories/GHSA-78xj-cgh5-2h22 |

| moderate | sanitize-html Information Exposure vulnerability |
| --- | --- |
| Package | sanitize-html |
| Vulnerable versions | <2.12.1 |
| Patched versions | >=2.12.1 |
| Paths | packages/control-property-editor > @sap-ux/ui-components@link:../ui-components > sanitize-html@2.7.3<br>packages/ui-components > sanitize-html@2.7.3 |
| More info | https://github.com/advisories/GHSA-rm97-x556-q36h |

| moderate | follow-redirects' Proxy-Authorization header kept across hosts |
| --- | --- |
| Package | follow-redirects |
| Vulnerable versions | <=1.15.5 |
| Patched versions | >=1.15.6 |
| Paths | . > @nrwl/nx-cloud@16.5.2 > nx-cloud@16.5.2 > axios@1.6.1 > follow-redirects@1.15.4<br>. > nx@16.4.0 > axios@1.6.1 > follow-redirects@1.15.4<br>examples/odata-cli > @sap-ux/axios-extension@link:../../packages/axios-extension > @sap-ux/btp-utils@link:../../packages/btp-utils > axios@1.6.1 > follow-redirects@1.15.4<br>... Found 72 paths, run `pnpm why follow-redirects` for more information |
| More info | https://github.com/advisories/GHSA-cxjh-pqwp-8mfp |

Steps to Reproduce

Steps to reproduce the behavior:

pnpm audit

Expected results

No issues

Actual results

See description

Screenshots

n/a

Root Cause Analysis

Problem

{describe the problem}

Fix

{describe the fix}

Why was it missed

{Some explanation why this issue might have been missed during normal development/testing cycle}

How can we avoid this

{if we don’t want to see this type of issue anymore, what we should do to prevent it}
Solved by #2219
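The audit above reports three transitive packages (ip, sanitize-html, follow-redirects) that are below their patched floors. The script below is an added example, not code from this issue or from the repository it was filed against: an offline lockfile gate that reads the versions a pnpm lockfile resolves for those three packages and fails when any is still below the first patched version from the audit tables, so a CI job can confirm that an override or bump actually took effect rather than relying on the advisory feed alone. It assumes the pnpm lockfile v6/v9 package-key layout (`  /name@version:` or `  name@version:`), plain numeric dotted versions (all that the audit lists), and the two constructed lockfile excerpts embedded in it, which are not real lockfiles.

```shell
#!/usr/bin/env bash
# Added example, not code from this issue or from the repository it was filed against.
# Gate a pnpm lockfile on the three advisories from the audit report: every resolved
# version of ip, sanitize-html and follow-redirects must be at or above the first
# patched version. Runs offline, so it complements `pnpm audit` in CI.
# Assumptions: pnpm lockfile v6/v9 package keys ("  /name@version:" or "  name@version:"),
# plain numeric dotted versions, and the constructed lockfile excerpts below, which are
# not real lockfiles (integrity hashes elided).
set -eu

# package and first patched version, as listed in the audit tables
PATCHED='ip 2.0.1
sanitize-html 2.12.1
follow-redirects 1.15.6'

# constructed excerpt of a lockfile that still resolves the vulnerable versions;
# ipaddr.js and the peer-dependency suffix on sanitize-html are there to exercise
# the name matching, not because the audit mentions them
LOCKFILE_BEFORE='lockfileVersion: "6.0"
packages:
  /axios@1.6.1:
    resolution: {integrity: sha512-elided}
  /follow-redirects@1.15.4:
    resolution: {integrity: sha512-elided}
  /ip@2.0.0:
    resolution: {integrity: sha512-elided}
  /ipaddr.js@1.9.1:
    resolution: {integrity: sha512-elided}
  /sanitize-html@2.7.3(peer@1.0.0):
    resolution: {integrity: sha512-elided}'

# constructed excerpt of the same lockfile after the bumps
LOCKFILE_AFTER='lockfileVersion: "6.0"
packages:
  /axios@1.6.1:
    resolution: {integrity: sha512-elided}
  /follow-redirects@1.15.6:
    resolution: {integrity: sha512-elided}
  /ip@2.0.1:
    resolution: {integrity: sha512-elided}
  /ipaddr.js@1.9.1:
    resolution: {integrity: sha512-elided}
  /sanitize-html@2.12.1:
    resolution: {integrity: sha512-elided}'

# version_lt A B: succeeds when A is strictly below B, comparing each dotted
# component numerically (so 2.7.3 < 2.12.1, which a string compare gets wrong)
version_lt() {
  local a="$1." b="$2." x y
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; a="${a#*.}"
    y="${b%%.*}"; b="${b#*.}"
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
  done
  return 1
}

# resolved_versions LOCKFILE_TEXT PACKAGE: prints every version of PACKAGE the lockfile
# resolves, one per line; the name must be followed by "@" so "ip" does not match
# "ipaddr.js", and a trailing peer-dependency suffix "(...)" is dropped
resolved_versions() {
  printf '%s\n' "$1" | sed -n -E "s|^  /?$2@([0-9][^:(]*).*:\$|\1|p"
}

# audit_lockfile LOCKFILE_TEXT: prints one line per vulnerable resolution and returns 1
# if any were found, 0 if every package in PATCHED is at or above its floor
audit_lockfile() {
  local lock="$1" found=0 pkg floor v
  while read -r pkg floor; do
    for v in $(resolved_versions "$lock" "$pkg"); do
      if version_lt "$v" "$floor"; then
        printf '%s@%s is vulnerable, patched in >=%s\n' "$pkg" "$v" "$floor"
        found=1
      fi
    done
  done <<EOF
$PATCHED
EOF
  return "$found"
}

# demo: the pre-fix lockfile trips the gate, the post-fix one passes
audit_lockfile "$LOCKFILE_BEFORE" && echo "unexpected: pre-fix lockfile passed" || echo "pre-fix lockfile blocked (expected)"
audit_lockfile "$LOCKFILE_AFTER" && echo "post-fix lockfile clean" || echo "unexpected: post-fix lockfile flagged"
```

To use it against a real checkout, replace the constructed excerpts with `"$(cat pnpm-lock.yaml)"` and extend `PATCHED` as new advisories land; the floors are the "Patched versions" values from the audit, so a package that reappears at an older version through a new transitive path is caught even if `pnpm audit` is not run in that job.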