```
postcss 7.0.0 - 7.0.35 || 8.0.0 - 8.2.9
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1693
fix available via npm audit fix --force
Will install @gold.au/form@0.1.6, which is a breaking change
node_modules/@gold.au/pancake-sass/node_modules/postcss
@gold.au/pancake-sass *
Depends on vulnerable versions of postcss
node_modules/@gold.au/pancake-sass
@gold.au/core >=4.0.1
Depends on vulnerable versions of @gold.au/pancake-sass
node_modules/@gold.au/core
@gold.au/form >=0.1.7
Depends on vulnerable versions of @gold.au/core
Depends on vulnerable versions of @gold.au/pancake-sass
node_modules/@gold.au/form

tar <=4.4.17 || 5.0.0 - 5.0.9 || 6.0.0 - 6.1.8
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://npmjs.com/advisories/1770
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://npmjs.com/advisories/1771
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://npmjs.com/advisories/1779
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://npmjs.com/advisories/1780
fix available via npm audit fix
node_modules/@gold.au/pancake-sass/node_modules/tar
node-gyp <=3.8.0
Depends on vulnerable versions of tar
node_modules/@gold.au/pancake-sass/node_modules/node-gyp
node-sass 3.3.3 - 6.0.0
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/@gold.au/pancake-sass/node_modules/node-sass

trim-newlines <3.0.1 || =4.0.0
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1753
fix available via npm audit fix
node_modules/@gold.au/pancake-sass/node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/@gold.au/pancake-sass/node_modules/meow
node-sass 3.3.3 - 6.0.0
Depends on vulnerable versions of meow
Depends on vulnerable versions of node-gyp
node_modules/@gold.au/pancake-sass/node_modules/node-sass
```
Fixes are trying to switch back to the 0.1.6 version of the gold.au/form package, which still appears to make references to @gov.au and crashed (currently on Node 14; install completely crashes on Node 16).
`9 vulnerabilities (4 moderate, 5 high)`