Closed pinguinooo closed 3 years ago
Note that https://www.npmjs.com/advisories/1206 and https://www.npmjs.com/advisories/1207 are within node-static
itself and not just its dependencies (also https://www.npmjs.com/advisories/1208, but that has PR #213).
Regarding npm advisory 1206-1208 per the change log:
- URL constructor over deprecated url.parse; should fix Open Redirect issue https://www.npmjs.com/advisories/1207
- fs.stat calls from bad path arguments; fixes Denial of Service issue https://www.npmjs.com/advisories/1208 (@brpvieira)

Re: https://npmjs.com/advisories/1179, this should now be fixed due to our no longer relying on optimist/minimist.
Closing as the underlying issues appear to be resolved, but feel free to report again if any issues remain (though the new version has not yet been released).
How do I fix this?
=== npm audit security report ===

Low Prototype Pollution
Package minimist
Patched in >=0.2.1 <1.0.0 || >=1.2.3
Dependency of node-static
Path node-static > optimist > minimist
More info https://npmjs.com/advisories/1179

Low Prototype Pollution
Package minimist
Patched in >=0.2.1 <1.0.0 || >=1.2.3
Dependency of soundcloud
Path soundcloud > node-static > optimist > minimist
More info https://npmjs.com/advisories/1179

Low Unauthorized File Access
Package node-static
Patched in No patch available
Dependency of node-static
Path node-static
More info https://npmjs.com/advisories/1206

Low Unauthorized File Access
Package node-static
Patched in No patch available
Dependency of soundcloud
Path soundcloud > node-static
More info https://npmjs.com/advisories/1206

Low Open Redirect
Package node-static
Patched in No patch available
Dependency of node-static
Path node-static
More info https://npmjs.com/advisories/1207

Low Open Redirect
Package node-static
Patched in No patch available
Dependency of soundcloud
Path soundcloud > node-static
More info https://npmjs.com/advisories/1207

High Denial of Service
Package node-static
Patched in No patch available
Dependency of node-static
Path node-static
More info https://npmjs.com/advisories/1208

High Denial of Service
Package node-static
Patched in No patch available
Dependency of soundcloud
Path soundcloud > node-static
More info https://npmjs.com/advisories/1208