@cypress/request <=2.88.12
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install cypress@13.5.1, which is a breaking change
node_modules/@cypress/request
cypress 4.3.0 - 12.17.4
Depends on vulnerable versions of @cypress/request
node_modules/cypress
apollo-server-core
apollo-server-core <=2.26.0
Severity: moderate
Introspection in schema validation in Apollo Server - https://github.com/advisories/GHSA-w42g-7vfc-xf37
Prevent logging invalid header values - https://github.com/advisories/GHSA-j5g3-5c8r-7qfx
fix available via `npm audit fix --force`
Will install apollo-server-express@3.13.0, which is a breaking change
node_modules/apollo-server-core
apollo-server-express <=2.14.1
Depends on vulnerable versions of apollo-server-core
node_modules/apollo-server-express
axios
axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install @bandwidth/messaging@4.1.3, which is a breaking change
node_modules/axios
node_modules/twilio/node_modules/axios
@bandwidth/messaging 3.0.0 - 4.1.2
Depends on vulnerable versions of axios
node_modules/@bandwidth/messaging
twilio >=2.6.0
Depends on vulnerable versions of axios
Depends on vulnerable versions of jsonwebtoken
node_modules/twilio
degenerator
degenerator <3.0.1
Severity: high
Code Injection in pac-resolver - https://github.com/advisories/GHSA-9j49-mfvp-vmhm
fix available via `npm audit fix --force`
Will install mailgun-js@0.6.7, which is a breaking change
node_modules/degenerator
pac-resolver <=4.2.0
Depends on vulnerable versions of degenerator
Depends on vulnerable versions of netmask
node_modules/pac-resolver
pac-proxy-agent <=4.1.0
Depends on vulnerable versions of pac-resolver
node_modules/pac-proxy-agent
proxy-agent 1.1.0 - 4.0.1
Depends on vulnerable versions of pac-proxy-agent
node_modules/proxy-agent
mailgun-js >=0.6.8
Depends on vulnerable versions of proxy-agent
node_modules/mailgun-js
flat
flat <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
fix available via `npm audit fix --force`
Will install json2csv@6.0.0-alpha.2, which is a breaking change
node_modules/flat
json2csv 3.1.0 - 4.0.0-alpha.2
Depends on vulnerable versions of flat
node_modules/json2csv
6 out of 18 dependents are listed here.
cypress
apollo-server-core
axios
degenerator
flat