Vulnerabilities detected in the dependency tree

[mihai-ro]

Describe the bug After installing the latest available version of attranslate (2.1.2), the npm audit logs several critical and medium severity vulnerabilities in the dependency tree.

To Reproduce Steps to reproduce the behavior.

npm i attranslate && npm audit

Expected behavior No vulnerabilities in the dependency tree

Files

Additional context Add any other context about the problem here.

[fkirc]

Thank you for reporting, I will try to fix it during the next update

[fkirc]

With PR https://github.com/fkirc/attranslate/pull/267, I reduced the number of production-vulnerabilities when running npm audit --omit=dev .

However, at the moment I do not have time to upgrade the packages openai and xml2js.

npm audit --omit=dev

npm audit report

axios 0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx fix available via npm audit fix --force
Will install openai@4.52.2, which is a breaking change
node_modules/openai/node_modules/axios
openai 2.0.0 - 3.3.0
Depends on vulnerable versions of axios
node_modules/openai

xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - https://github.com/advisories/GHSA-776f-qx25-q3cc
No fix available
node_modules/xml2js

3 moderate severity vulnerabilities