Open mralusw opened 1 year ago
Same setup as in #414; in addition to the problems there, there was also this message at the end of `npm ci`: `3 vulnerabilities (2 high, 1 critical)`.

`npm audit` reports:
```
# npm audit report

json5  <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/@babel/core/node_modules/json5
node_modules/adjust-sourcemap-loader/node_modules/json5
node_modules/file-loader/node_modules/json5
node_modules/json5
node_modules/mini-css-extract-plugin/node_modules/json5
node_modules/posthtml-loader/node_modules/json5
node_modules/resolve-url-loader/node_modules/json5
node_modules/thread-loader/node_modules/json5
node_modules/vue-loader/node_modules/json5
node_modules/yaml-loader/node_modules/json5
  loader-utils  <=1.4.2
  Depends on vulnerable versions of json5
  node_modules/loader-utils

qs  6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/request/node_modules/qs

3 vulnerabilities (2 high, 1 critical)
```
Is this... something to be expected?
Yes, it's quite common for there to be some vulnerabilities listed for dependencies. Feel free to open a PR to resolve them if you wish.