Open mma3069 opened 2 years ago
Need to update snappy version:
As part of a Node.js version upgrade, we found that there are a few vulnerabilities in snappy. We need to update snappy to the latest version.
Environment: Dev
Include Sample Code to reproduce behavior
npm audit
```
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\Users\XXXX\webStormWorkspace\FADFM-35912\fabric-loans-transactions-api> npm audit
npm WARN config global --global, --local are deprecated. Use --location=global instead.
npm audit report

simple-get < 4.0.1
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1. - https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31,https://github.com/feross/simple-get/commit/e4af095e06cd69a9235013e8507e220a79b9684f
fix available via npm audit fix
node_modules/simple-get
  prebuild-install <=6.1.4
  Depends on vulnerable versions of simple-get
  node_modules/prebuild-install
    snappy 6.1.0 - 6.3.5
    Depends on vulnerable versions of prebuild-install
    node_modules/snappy

3 high severity vulnerabilities

To address all issues, run:
  npm audit fix
```
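The report above lists three high-severity findings, but only simple-get carries an advisory; prebuild-install and snappy inherit it through the dependency chain. The following is an added example, not part of the original issue or of any project's code, that separates advisory roots from inherited findings in a report shaped like `npm audit --json` (report version 2). The sample report is constructed from the text output above, and the function names are hypothetical.

```javascript
// Added example: trace advisory chains in an `npm audit --json` style report.
// SAMPLE_REPORT is constructed to mirror the text report above; it is not real tool output.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "simple-get": {
      name: "simple-get", severity: "high", range: "<4.0.1",
      via: [{ name: "simple-get", title: "Exposure of Sensitive Information to an Unauthorized Actor", range: "<4.0.1" }],
      effects: ["prebuild-install"],
    },
    "prebuild-install": {
      name: "prebuild-install", severity: "high", range: "<=6.1.4",
      via: ["simple-get"], effects: ["snappy"],
    },
    snappy: {
      name: "snappy", severity: "high", range: "6.1.0 - 6.3.5",
      via: ["prebuild-install"], effects: [],
    },
  },
};

// An entry is an advisory root when `via` holds an advisory object rather than
// only the names of other vulnerable packages.
function advisoryRoots(report) {
  return Object.values(report.vulnerabilities)
    .filter((v) => v.via.some((x) => typeof x === "object"))
    .map((v) => v.name);
}

// Follow `effects` from a root to every package that inherits the finding.
// `seen` guards against dependency cycles.
function chainsFrom(report, name, seen = new Set()) {
  const entry = report.vulnerabilities[name];
  if (!entry || seen.has(name)) return [];
  const next = new Set(seen).add(name);
  const tails = entry.effects.flatMap((e) => chainsFrom(report, e, next));
  return tails.length ? tails.map((t) => [name, ...t]) : [[name]];
}

// One record per chain: where the advisory lives and which range of the
// outermost package is affected.
function traceAudit(report) {
  return advisoryRoots(report).flatMap((root) =>
    chainsFrom(report, root).map((chain) => ({
      advisoryIn: root,
      chain: chain.join(" -> "),
      vulnerableRange: report.vulnerabilities[chain[chain.length - 1]].range,
    }))
  );
}
console.log(traceAudit(SAMPLE_REPORT));
```

To run it against a real project, replace `SAMPLE_REPORT` with the parsed output of `npm audit --json`.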