brownhci / WebGazer

WebGazer.js: Scalable Webcam EyeTracking Using User Interactions
https://webgazer.cs.brown.edu

Vulnerabilities issue #258

Closed aishaalampublic closed 1 year ago

aishaalampublic commented 2 years ago

Hello,

I am having trouble running the webgazer project using npm install. I am using node.js version 17.6.

Below are the vulnerabilities I get when I run npm audit:

```
# npm audit report

ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via npm audit fix --force
Will install parallel-webpack@1.5.0, which is a breaking change
node_modules/parallel-webpack/node_modules/ajv
  parallel-webpack  >=1.6.0
  Depends on vulnerable versions of ajv
  node_modules/parallel-webpack

glob-parent  <5.1.2
Severity: high
Regular expression denial of service in glob-parent - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via npm audit fix --force
Will install webpack@5.72.1, which is a breaking change
node_modules/watchpack-chokidar2/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/watchpack-chokidar2/node_modules/chokidar
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
        webpack  4.44.0 - 4.46.0
        Depends on vulnerable versions of watchpack
        Depends on vulnerable versions of watchpack
        node_modules/webpack

nanoid  3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via npm audit fix
node_modules/nanoid
  mocha  8.2.0 - 9.1.4
  Depends on vulnerable versions of nanoid
  node_modules/mocha

9 vulnerabilities (4 moderate, 5 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
```

I am running this in IntelliJ and have also tried to run `npm audit fix`, but that only resolved 4 of the original 13 vulnerabilities.

Why might this be happening?

Thanks

jeffhuang commented 2 years ago

Probably some libraries that need to be updated. I think most of these are for the build or website, so shouldn't affect the webgazer library itself. But would be nice to update the libraries at some point, when someone has time to do that.
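As an added example (mine, not WebGazer's code and not part of either comment) of how to check the point the maintainer makes, the script below walks an `npm audit --json` report from each advisory up to the direct dependency it is reached through and labels the finding against the `dependencies` / `devDependencies` sections of package.json. The manifest and the report are constructed inline in the shape of npm 7+ output, using the advisory names, ranges and URLs quoted in the issue; the `placeholder-*` packages are hypothetical and exist only to show what a runtime-scoped finding looks like.

```javascript
// Added example, not WebGazer's code: triage `npm audit` findings by the scope
// (dependencies vs devDependencies) of the direct dependency each one is reached
// through. Runs offline on a constructed report; for a real tree, replace the two
// constants with JSON.parse of package.json and of `npm audit --json` output.

// Constructed manifest. The devDependencies names come from the audit output in
// the issue; "placeholder-runtime-dep" is hypothetical.
const packageJson = {
  dependencies: { "placeholder-runtime-dep": "^1.0.0" },
  devDependencies: { "parallel-webpack": "^2.0.0", webpack: "^4.44.0", mocha: "^8.2.0" },
};

// Constructed excerpt in the shape of `npm audit --json` (npm 7+). Each entry says
// whether the package is a direct dependency and which packages depend on it
// ("effects"); the root of each advisory chain carries advisory objects in "via",
// transitive entries carry package names. The "placeholder-*" entries are
// hypothetical and only exist to exercise the production branch.
const auditReport = { vulnerabilities: {
  ajv: { severity: "moderate", isDirect: false, range: "<6.12.3", effects: ["parallel-webpack"],
    via: [{ title: "Prototype Pollution in Ajv", url: "https://github.com/advisories/GHSA-v88g-cgmw-v5xw" }] },
  "parallel-webpack": { severity: "moderate", isDirect: true, range: ">=1.6.0", effects: [], via: ["ajv"] },
  "glob-parent": { severity: "high", isDirect: false, range: "<5.1.2", effects: ["chokidar"],
    via: [{ title: "Regular expression denial of service in glob-parent", url: "https://github.com/advisories/GHSA-ww39-953v-wcq6" }] },
  chokidar: { severity: "high", isDirect: false, range: "1.0.0-rc1 - 2.1.8", effects: ["watchpack-chokidar2"], via: ["glob-parent"] },
  "watchpack-chokidar2": { severity: "high", isDirect: false, range: "*", effects: ["watchpack"], via: ["chokidar"] },
  watchpack: { severity: "high", isDirect: false, range: "1.7.2 - 1.7.5", effects: ["webpack"], via: ["watchpack-chokidar2"] },
  webpack: { severity: "high", isDirect: true, range: "4.44.0 - 4.46.0", effects: [], via: ["watchpack"] },
  nanoid: { severity: "moderate", isDirect: false, range: "3.0.0 - 3.1.30", effects: ["mocha"],
    via: [{ title: "Exposure of Sensitive Information to an Unauthorized Actor in nanoid", url: "https://github.com/advisories/GHSA-qrpm-p2h7-hrv2" }] },
  mocha: { severity: "moderate", isDirect: true, range: "8.2.0 - 9.1.4", effects: [], via: ["nanoid"] },
  "placeholder-vuln-pkg": { severity: "high", isDirect: false, range: "<2.0.0", effects: ["placeholder-runtime-dep"],
    via: [{ title: "Hypothetical advisory (constructed for this example)", url: "https://example.invalid/advisory" }] },
  "placeholder-runtime-dep": { severity: "high", isDirect: true, range: "*", effects: [], via: ["placeholder-vuln-pkg"] },
} };

// Walk "effects" edges upward and collect the direct dependencies that pull the
// package in. `seen` guards against cycles; a package that is neither direct nor
// depended upon is returned as its own root so nothing is silently dropped.
function directRoots(name, vulns, seen = new Set()) {
  const roots = new Set();
  if (seen.has(name)) return roots;
  seen.add(name);
  const entry = vulns[name];
  if (!entry) return roots.add(name); // not in the report: cannot place it
  if (entry.isDirect) roots.add(name);
  for (const parent of entry.effects) {
    for (const r of directRoots(parent, vulns, seen)) roots.add(r);
  }
  if (roots.size === 0) roots.add(name);
  return roots;
}

function scopeOf(root, pkg) {
  if ((pkg.dependencies || {})[root] !== undefined) return "production";
  if ((pkg.devDependencies || {})[root] !== undefined) return "dev";
  return "unknown";
}

// One finding per advisory root (entries whose "via" holds advisory objects).
// Verdict: "production" if any root is a runtime dependency, "unknown" if any
// root could not be placed in the manifest, otherwise "dev-only".
function triage(report, pkg) {
  const vulns = report.vulnerabilities;
  const findings = [];
  for (const [name, entry] of Object.entries(vulns)) {
    const advisories = entry.via.filter((v) => typeof v === "object");
    if (advisories.length === 0) continue;
    const roots = [...directRoots(name, vulns)].sort();
    const scopes = new Set(roots.map((r) => scopeOf(r, pkg)));
    const verdict = scopes.has("production") ? "production" : scopes.has("unknown") ? "unknown" : "dev-only";
    findings.push({ package: name, severity: entry.severity, range: entry.range,
      title: advisories[0].title, url: advisories[0].url, roots, verdict });
  }
  return findings;
}

function summarize(findings) {
  const counts = { production: 0, "dev-only": 0, unknown: 0 };
  for (const f of findings) counts[f.verdict] += 1;
  return counts;
}

const findings = triage(auditReport, packageJson);
for (const f of findings) {
  console.log(`${f.verdict.padEnd(10)} ${f.severity.padEnd(8)} ${f.package} ${f.range}  via ${f.roots.join(", ")}  ${f.url}`);
}
console.log(summarize(findings));
```

On the constructed report the three findings quoted in the issue resolve to `parallel-webpack`, `webpack` and `mocha`, all devDependencies, so they are tagged dev-only, while the hypothetical placeholder chain lands on a runtime dependency and is tagged production. On npm 8 and newer, `npm audit --omit=dev` applies the same filter at the source. A dev-only verdict lowers the priority for the published bundle but does not close the item: the glob-parent ReDoS sits in the file watcher a developer runs locally, and build tooling is part of the supply chain that produces the shipped artifact, so the maintainer's note that the libraries should still be updated stands.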