Open PatrickSpies opened 3 years ago
Vulnerabilities

`npm audit` reports 6 vulnerabilities (3 low, 1 moderate, 2 high)

```
npm audit report

acorn  5.5.0 - 5.7.3 || 6.0.0 - 6.4.0 || 7.0.0 - 7.1.0
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1488
fix available via npm audit fix
node_modules/acorn

bl  <=1.2.2 || 2.0.1 - 2.2.0 || 3.0.0 || 4.0.0 - 4.0.2
Severity: high
Remote Memory Exposure - https://npmjs.com/advisories/1555
fix available via npm audit fix
node_modules/bl

decompress  <4.2.1
Severity: high
Arbitrary File Write - https://npmjs.com/advisories/1217
fix available via npm audit fix
node_modules/decompress

lodash  <4.17.19
Prototype Pollution - https://npmjs.com/advisories/1523
fix available via npm audit fix
node_modules/lodash

minimist  <0.2.1 || >=1.0.0 <1.2.3
Prototype Pollution - https://npmjs.com/advisories/1179
fix available via npm audit fix
node_modules/minimist
node_modules/mkdirp/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/mkdirp
```

Outdated packages

`npm outdated` reports multiple outdated packages

Is it possible to provide a new release with updated dependencies?