After instantiating a fresh install, an NPM audit identifies the following errors:
engine.io (moderate severity): This vulnerability is related to uncaught exceptions in engine.io, which could lead to unexpected application behavior. More details are available here: https://github.com/advisories/GHSA-r7qp-cfhv-p84w
file-type (high severity): This vulnerability is associated with an infinite loop when processing a malformed MKV file. More details can be found here: https://github.com/advisories/GHSA-mhxj-85r3-2x55
immer (critical severity): This vulnerability is caused by prototype pollution in the immer package. Prototype pollution can allow attackers to modify an application's behavior, potentially leading to various security issues. More details are available here:
```
engine.io 4.0.0 - 6.2.0
Severity: moderate
Uncaught exception in engine.io - https://github.com/advisories/GHSA-r7qp-cfhv-p84w
fix available via `npm audit fix --force`
Will install gatsby@5.9.0, which is outside the stated dependency range
node_modules/engine.io
  socket.io 3.0.0-rc1 - 4.4.1
  Depends on vulnerable versions of engine.io
  node_modules/socket.io
    gatsby 2.32.8 - 4.25.4-alpha-initial-webhook-body.2 || 5.0.0-alpha-drupal-proxyurl.11 - 5.4.0-next.3
    Depends on vulnerable versions of socket.io
    node_modules/gatsby

file-type 13.0.0 - 16.5.3
Severity: high
file-type vulnerable to Infinite Loop via malformed MKV file - https://github.com/advisories/GHSA-mhxj-85r3-2x55
fix available via `npm audit fix --force`
Will install gatsby-source-wordpress@3.11.0, which is a breaking change
node_modules/gatsby-source-wordpress/node_modules/file-type
  gatsby-source-wordpress 3.11.0-alpha-wordpress.44 - 3.11.0-next.0 || >=3.12.0-next.0
  Depends on vulnerable versions of @rematch/immer
  Depends on vulnerable versions of file-type
  node_modules/gatsby-source-wordpress

immer <=9.0.5
Severity: critical
Prototype Pollution in immer - https://github.com/advisories/GHSA-c36v-fmgq-m8hx
Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h
Prototype Pollution in immer - https://github.com/advisories/GHSA-9qmh-276g-x5pj
fix available via `npm audit fix`
node_modules/immer
  @rematch/immer *
  Depends on vulnerable versions of immer
  node_modules/@rematch/immer

7 vulnerabilities (3 moderate, 3 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
```