amcalabretta / botbase

A framework for running cryptocurrency trading bots across multiple exchanges
https://amcalabretta.github.io/botbase/
MIT License

npm audit found vulnerabilities #32

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago
# npm audit report

@sideway/formula  3.0.0
Severity: moderate
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability - https://github.com/advisories/GHSA-c2jc-4fpr-4vhg
fix available via `npm audit fix`
node_modules/@sideway/formula

http-cache-semantics  <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix`
node_modules/http-cache-semantics

json5  <1.0.2 || >=2.0.0 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5
node_modules/tsconfig-paths/node_modules/json5

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
  coinbase-pro  *
  Depends on vulnerable versions of request
  node_modules/coinbase-pro

vm2  <=3.9.15
Severity: critical
vm2 vulnerable to sandbox escape - https://github.com/advisories/GHSA-7jxr-cg7f-gpgv
vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-xj72-wvfv-8985
fix available via `npm audit fix`
node_modules/vm2

6 vulnerabilities (3 moderate, 2 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.