awslabs / amazon-kinesis-video-streams-webrtc-sdk-js

JS SDK for interfacing with the Amazon Kinesis Video Streams Signaling Service.
https://awslabs.github.io/amazon-kinesis-video-streams-webrtc-sdk-js/examples/index.html
Apache License 2.0

Bump more dependencies #222

Closed sirknightj closed 1 year ago

sirknightj commented 1 year ago

Issue #, if available:

Description of changes: Override dependency versions.

json5  <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/find-babel-config/node_modules/json5
  find-babel-config  <=1.2.0
  Depends on vulnerable versions of json5
  node_modules/find-babel-config
    babel-plugin-module-resolver  2.3.0 - 4.1.0
    Depends on vulnerable versions of find-babel-config
    node_modules/babel-plugin-module-resolver
      babel-preset-expo  *
      Depends on vulnerable versions of babel-plugin-module-resolver
      node_modules/babel-preset-expo
        expo  >=14.0.0
        Depends on vulnerable versions of @expo/cli
        Depends on vulnerable versions of @expo/config
        Depends on vulnerable versions of @expo/config-plugins
        Depends on vulnerable versions of babel-preset-expo
        Depends on vulnerable versions of expo-asset
        Depends on vulnerable versions of expo-constants
        node_modules/expo

xml2js  <0.5.0
Severity: high
xml2js is vulnerable to prototype pollution  - https://github.com/advisories/GHSA-776f-qx25-q3cc
fix available via `npm audit fix`
node_modules/@expo/cli/node_modules/xml2js
node_modules/@expo/config-plugins/node_modules/xml2js
  @expo/config-plugins  *
  Depends on vulnerable versions of xml2js
  node_modules/@expo/config-plugins
    @expo/cli  >=0.1.0
    Depends on vulnerable versions of @expo/config
    Depends on vulnerable versions of @expo/config-plugins
    Depends on vulnerable versions of @expo/dev-server
    Depends on vulnerable versions of @expo/metro-config
    Depends on vulnerable versions of @expo/prebuild-config
    node_modules/@expo/cli
    @expo/config  >=3.3.23-alpha.0
    Depends on vulnerable versions of @expo/config-plugins
    node_modules/@expo/config
      @expo/metro-config  >=0.1.49-alpha.0
      Depends on vulnerable versions of @expo/config
      node_modules/@expo/metro-config
        @expo/dev-server  >=0.1.49-alpha.0
        Depends on vulnerable versions of @expo/metro-config
        node_modules/@expo/dev-server
      expo-constants  >=10.1.2
      Depends on vulnerable versions of @expo/config
      node_modules/expo-constants
        expo-asset  >=8.6.1
        Depends on vulnerable versions of expo-constants
        node_modules/expo-asset
    @expo/prebuild-config  *
    Depends on vulnerable versions of @expo/config
    Depends on vulnerable versions of @expo/config-plugins
    Depends on vulnerable versions of xml2js
    node_modules/@expo/cli/node_modules/@expo/prebuild-config

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.