search

abauzac / nightwatch-typescript

Boilerplate for nightwatch end to end tests with typescript
18 stars 3 forks source link

Found 6 vulnerabilities: 4 critical & 1 high, during npm update #2

Open hellfireSteve opened 6 years ago

hellfireSteve commented 6 years ago

Downloaded the project & ran npm update.

Got this message:

found 6 vulnerabilities (1 low, 4 high, 1 critical)

result of npm audit:

=== npm audit security report ===

Run npm install nightwatch@1.0.10 to resolve 6 vulnerabilities

SEMVER WARNING: Recommended action is a potentially breaking change

Low Regular Expression Denial of Service

Package debug

Dependency of nightwatch

Path nightwatch > mocha-nightwatch > debug

More info https://nodesecurity.io/advisories/534

Critical Command Injection

Package growl

Dependency of nightwatch

Path nightwatch > mocha-nightwatch > growl

More info https://nodesecurity.io/advisories/146

High Denial of Service

Package http-proxy-agent

Dependency of nightwatch

Path nightwatch > proxy-agent > http-proxy-agent

More info https://nodesecurity.io/advisories/607

High Denial of Service

Package http-proxy-agent

Dependency of nightwatch

Path nightwatch > proxy-agent > pac-proxy-agent > http-proxy-agent

More info https://nodesecurity.io/advisories/607

High Denial of Service

Package https-proxy-agent

Dependency of nightwatch

Path nightwatch > proxy-agent > https-proxy-agent

More info https://nodesecurity.io/advisories/593

High Denial of Service

Package https-proxy-agent

Dependency of nightwatch

Path nightwatch > proxy-agent > pac-proxy-agent > https-proxy-agent

More info https://nodesecurity.io/advisories/593

found 6 vulnerabilities (1 low, 4 high, 1 critical) in 329 scanned packages 6 vulnerabilities require semver-major dependency updates.