An issues-only repository for the Bryntum project management component suite which includes powerful Grid, Scheduler, Calendar, Kanban Task Board and Gantt chart components all built in pure JS / CSS / TypeScript
Reported in email. There are a few errors with the server:
```
Grid\examples\_shared\server>npm audit

=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance

High            Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Package         tar
Patched in      >=4.4.18
Dependency of   hummus
Path            hummus > node-pre-gyp > tar
More info       https://github.com/advisories/GHSA-5955-9wpr-37jh

High            Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Package         tar
Patched in      >=4.4.18
Dependency of   hummus
Path            hummus > node-pre-gyp > tar
More info       https://github.com/advisories/GHSA-qq89-hq3f-393p

High            Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Package         tar
Patched in      >=4.4.16
Dependency of   hummus
Path            hummus > node-pre-gyp > tar
More info       https://github.com/advisories/GHSA-9r2w-394v-53qc

High            Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Package         tar
Patched in      >=4.4.14
Dependency of   hummus
Path            hummus > node-pre-gyp > tar
More info       https://github.com/advisories/GHSA-3jfq-g458-7qm9

High            Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Package         tar
Patched in      >=4.4.15
Dependency of   hummus
Path            hummus > node-pre-gyp > tar
More info       https://github.com/advisories/GHSA-r628-mhmh-qjhw

High            Prototype Pollution
Package         ini
Patched in      >=1.3.6
Dependency of   hummus
Path            hummus > node-pre-gyp > rc > ini
More info       https://github.com/advisories/GHSA-qqgx-2p2h-9c37

Moderate        Uncontrolled resource consumption in jpeg-js
Package         jpeg-js
Patched in      >=0.4.0
Dependency of   merge-img
Path            merge-img > jimp > jpeg-js
More info       https://github.com/advisories/GHSA-w7q9-p3jq-fmhm

High            Regular expression denial of service in url-regex
Package         url-regex
Patched in      No patch available
Dependency of   merge-img
Path            merge-img > jimp > url-regex
More info       https://github.com/advisories/GHSA-v4rh-8p82-6h5w

found 8 vulnerabilities (1 moderate, 7 high) in 454 scanned packages
  8 vulnerabilities require manual review. See the full report for details.
```
They cannot be fixed automatically; some packages probably need to be replaced. hummus doesn't look supported any longer, which could be a problem.