Open nathaniel-watson-ctg-com opened 3 days ago
@nathaniel-watson-ctg-com Thanks for posting! We'll take a look as soon as possible.
In the mean time, there are a few ways you can help speed things along:
Please remember: never post in a public forum if you believe you've found a genuine security vulnerability. Instead, disclose it responsibly.
For help with questions about Sails, click here.
According to the NPM audit results, there is an updated version of send
available, so that one should be fixable.
Version 4.21.0 of express
seems to fix the body-parser
bug.
The newest version of path-to-regexp
is 8.1.0. That should fix the vulnerability, but it'll be a big jump.
I'm not sure what to do about the deprecation warnings.
This is now in the latest release.
The latest version of sails has a variety of issues listed under NPM audit.
The 7 vulnerabilities come from 3 out-of-date packages, 1 of which is introduced via Express.
For context, I found this by creating a new project and running "npm init" followed by "npm install sails", to ensure no other packages were contaminating the results. To make things easier, the commands I ran and their output are specified at the bottom of this ticket.
I'm not using Grunt or any of the database adapters, so I've listed those as non-applicable below.
Node version: v18.14.0
Sails version (sails): 1.5.11
ORM hook version (sails-hook-orm): N/A ?
Sockets hook version (sails-hook-sockets): N/A
Organics hook version (sails-hook-organics): N/A
Grunt hook version (sails-hook-grunt): N/A
Uploads hook version (sails-hook-uploads): N/A
DB adapter & version (e.g. sails-mysql@5.55.5): N/A
Skipper adapter & version (e.g. skipper-s3@5.55.5): N/A