gstroup / apimocker

node.js module to run a simple http server for mock service responses.
MIT License

apimocker has vulnerable dependencies #104

Closed kopach closed 5 years ago

kopach commented 5 years ago

Report from npm audit:

$ npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Sandbox Breakout / Arbitrary Code Execution                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ static-eval                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.0.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ apimocker [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ apimocker > jsonpath > static-eval                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/758                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 moderate severity vulnerability in 54384 scanned packages
  1 vulnerability requires manual review. See the full report for details.

It looks like the fix for this should be a matter of updating dependencies (maybe even npm audit fix will do this automatically).
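A way to act on a report like the one above in CI, as an added example that is not part of the issue or of apimocker: parse the npm audit JSON output (npm 6 format), ignore findings whose installed version already satisfies a ">=x.y.z" patched range, and optionally drop dev-only paths such as apimocker > jsonpath > static-eval. The sample report and the installed version 2.0.0 are constructed; the issue does not state which static-eval version was installed.

```javascript
// Added example, not apimocker code: gate a CI job on an `npm audit --json`
// report (npm 6 format). SAMPLE_AUDIT is constructed to mirror the table in the
// issue; the installed version 2.0.0 is an assumption the issue does not state.
const SAMPLE_AUDIT = {
  advisories: {
    "758": {
      module_name: "static-eval",
      severity: "moderate",
      patched_versions: ">=2.0.2",
      url: "https://npmjs.com/advisories/758",
      findings: [{ version: "2.0.0", paths: ["apimocker>jsonpath>static-eval"], dev: true }],
    },
  },
};
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Numeric dotted-version compare (no pre-release tags), so "2.0.10" > "2.0.2".
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// True when `installed` satisfies a ">=x.y.z" patched range; null for any other
// range syntax, which callers must treat as "still vulnerable".
function isPatched(installed, patchedRange) {
  const m = /^>=\s*(\d+(?:\.\d+)*)$/.exec(patchedRange.trim());
  return m ? compareVersions(installed, m[1]) >= 0 : null;
}

// Findings at or above `threshold`, one entry per dependency path. Dev-only
// paths (like the one in the issue) can be excluded for a production gate.
function gateAudit(audit, threshold, { includeDev = true } = {}) {
  const min = SEVERITY_RANK[threshold];
  const out = [];
  for (const adv of Object.values(audit.advisories || {})) {
    if (SEVERITY_RANK[adv.severity] < min) continue;
    for (const f of adv.findings) {
      if (f.dev && !includeDev) continue;
      if (isPatched(f.version, adv.patched_versions) === true) continue;
      for (const path of f.paths) {
        out.push({ module: adv.module_name, severity: adv.severity, path, fix: adv.patched_versions });
      }
    }
  }
  return out;
}
```

With the constructed report, gateAudit(SAMPLE_AUDIT, "moderate") returns the single static-eval path, while passing { includeDev: false } returns nothing because that path is dev-only; a real pipeline feeds in the output of npm audit --json and fails the job when the returned list is non-empty.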

gstroup commented 5 years ago

fixed in v1.1.2