claudiajs / claudia

Deploy Node.js projects to AWS Lambda and API Gateway easily
https://claudiajs.com
MIT License

Vulnerabilities and outdated packages #223

Open PatrickSpies opened 3 years ago

PatrickSpies commented 3 years ago

Vulnerabilities

npm audit reports 6 vulnerabilities (3 low, 1 moderate, 2 high)

```text
# npm audit report

acorn  5.5.0 - 5.7.3 || 6.0.0 - 6.4.0 || 7.0.0 - 7.1.0
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1488
fix available via `npm audit fix`
node_modules/acorn

bl  <=1.2.2 || 2.0.1 - 2.2.0 || 3.0.0 || 4.0.0 - 4.0.2
Severity: high
Remote Memory Exposure - https://npmjs.com/advisories/1555
fix available via `npm audit fix`
node_modules/bl

decompress  <4.2.1
Severity: high
Arbitrary File Write - https://npmjs.com/advisories/1217
fix available via `npm audit fix`
node_modules/decompress

lodash  <4.17.19
Prototype Pollution - https://npmjs.com/advisories/1523
fix available via `npm audit fix`
node_modules/lodash

minimist  <0.2.1 || >=1.0.0 <1.2.3
Prototype Pollution - https://npmjs.com/advisories/1179
fix available via `npm audit fix`
node_modules/minimist
node_modules/mkdirp/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/mkdirp
```

Outdated packages

npm outdated reports multiple outdated packages

```text
Package                  Current  Wanted   Latest   Location                              Depended by
archiver                 3.0.0    3.1.1    5.3.0    node_modules/archiver                 claudia
aws-sdk                  2.607.0  2.875.0  2.875.0  node_modules/aws-sdk                  claudia
decompress               4.2.0    4.2.1    4.2.1    node_modules/decompress               claudia
dotenv                   2.0.0    2.0.0    8.2.0    node_modules/dotenv                   claudia
eslint                   6.5.1    6.8.0    7.23.0   node_modules/eslint                   claudia
eslint-config-crockford  0.2.0    0.2.0    2.0.0    node_modules/eslint-config-crockford  claudia
fs-extra                 6.0.1    6.0.1    9.1.0    node_modules/fs-extra                 claudia
glob                     7.1.2    7.1.6    7.1.6    node_modules/glob                     claudia
gunzip-maybe             1.4.1    1.4.2    1.4.2    node_modules/gunzip-maybe             claudia
jasmine                  2.99.0   2.99.0   3.7.0    node_modules/jasmine                  claudia
jasmine-spec-reporter    2.7.0    2.7.0    6.0.0    node_modules/jasmine-spec-reporter    claudia
minimist                 1.2.0    1.2.5    1.2.5    node_modules/minimist                 claudia
sequential-promise-map   1.0.4    1.2.0    1.2.0    node_modules/sequential-promise-map   claudia
tar-fs                   1.16.3   1.16.3   2.1.1    node_modules/tar-fs                   claudia
uuid                     2.0.3    2.0.3    8.3.2    node_modules/uuid                     claudia
which                    1.3.1    1.3.1    2.0.2    node_modules/which                    claudia
```

Is it possible to provide a new release with updated dependencies?