jamktiko / DigiMajakka

DigiMajakka, a project work for Ticorporate

Vulnerabilities in the frontend's npm packages. The packages need to be updated. #164

Open TuikkaTommi opened 1 year ago

TuikkaTommi commented 1 year ago

Description: The npm packages used in the frontend have vulnerabilities. The packages need to be updated.

Location: The frontend's npm packages.

Error message:

npm audit report

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via npm audit fix --force
Will install @angular-devkit/build-angular@14.2.8, which is a breaking change
node_modules/webpack-dev-server/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/webpack-dev-server/node_modules/chokidar
    webpack-dev-server  2.0.0-beta - 4.7.2
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of selfsigned
    node_modules/webpack-dev-server
      @angular-devkit/build-angular  <=13.3.1 || 14.0.0-next.0 - 14.0.0-rc.3
      Depends on vulnerable versions of @angular-devkit/build-webpack
      Depends on vulnerable versions of loader-utils
      Depends on vulnerable versions of minimatch
      Depends on vulnerable versions of webpack-dev-server
      node_modules/@angular-devkit/build-angular
        @angular-devkit/build-webpack  <=0.1300.0-rc.3
        Depends on vulnerable versions of webpack-dev-server
        node_modules/@angular-devkit/build-webpack

loader-utils  <1.4.1 || >=2.0.0 <2.0.3
Severity: critical
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
fix available via npm audit fix --force
Will install @angular-devkit/build-angular@14.2.8, which is a breaking change
node_modules/babel-loader/node_modules/loader-utils
node_modules/loader-utils

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via npm audit fix --force
Will install @angular-devkit/build-angular@14.2.8, which is a breaking change
node_modules/minimatch

node-forge  <=1.2.1
Severity: high
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge debug API. - https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-2r2c-g63r-vccr
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-x4jg-mjrx-434g
Improper Verification of Cryptographic Signature in node-forge - https://github.com/advisories/GHSA-cfm4-qjh2-4765
URL parsing in node-forge could lead to undesired behavior. - https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
fix available via npm audit fix --force
Will install @angular-devkit/build-angular@14.2.8, which is a breaking change
node_modules/node-forge
  selfsigned  1.1.1 - 1.10.14
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

9 vulnerabilities (2 moderate, 5 high, 2 critical)

To address all issues (including breaking changes), run: npm audit fix --force
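To make a report like the one above actionable in CI, here is an added example (not code from the DigiMajakka project) that triages the JSON form of an npm audit report: it fails on root-cause findings at or above a chosen severity and lists the fixes that need a breaking upgrade, which is the situation the "npm audit fix --force" note in this report describes. The sample report is constructed to mirror the findings above, and its shape assumes npm's auditReportVersion 2 JSON layout (npm v7 and later).

```javascript
// Added example, not code from the DigiMajakka repository. Triage the JSON form
// of an npm audit report (npm v7+, auditReportVersion 2 layout assumed) so a
// CI job can fail on high/critical findings and list fixes that need a
// breaking (semver-major) upgrade, as the report on this page does.
// The sample report below is CONSTRUCTED to mirror the findings on the page.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "glob-parent": {
      name: "glob-parent", severity: "high", isDirect: false,
      via: [{ title: "glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex",
              url: "https://github.com/advisories/GHSA-ww39-953v-wcq6", severity: "high", range: "<5.1.2" }],
      fixAvailable: { name: "@angular-devkit/build-angular", version: "14.2.8", isSemVerMajor: true },
    },
    "loader-utils": {
      name: "loader-utils", severity: "critical", isDirect: false,
      via: [{ title: "Prototype pollution in webpack loader-utils",
              url: "https://github.com/advisories/GHSA-76p3-8jx3-jpfq", severity: "critical", range: "<1.4.1 || >=2.0.0 <2.0.3" }],
      fixAvailable: { name: "@angular-devkit/build-angular", version: "14.2.8", isSemVerMajor: true },
    },
    chokidar: {
      name: "chokidar", severity: "high", isDirect: false,
      via: ["glob-parent"], // a string entry means "vulnerable only through glob-parent"
      fixAvailable: true,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 0, high: 2, critical: 1, total: 3 } },
};

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Returns the root-cause findings at or above `threshold` and the sorted set of
// semver-major upgrades npm would need to fix them.
function triageAudit(report, threshold = "high") {
  const min = SEVERITY_RANK[threshold];
  const failing = [];
  const breakingFixes = new Set();
  for (const vuln of Object.values(report.vulnerabilities)) {
    if ((SEVERITY_RANK[vuln.severity] ?? 0) < min) continue;
    // Only object entries in `via` carry an advisory; string entries just point at another package.
    const advisories = vuln.via.filter((v) => typeof v === "object");
    if (advisories.length === 0) continue;
    failing.push({ name: vuln.name, severity: vuln.severity, advisories: advisories.map((a) => a.url) });
    if (vuln.fixAvailable && vuln.fixAvailable.isSemVerMajor) {
      breakingFixes.add(`${vuln.fixAvailable.name}@${vuln.fixAvailable.version}`);
    }
  }
  return { failing, breakingFixes: [...breakingFixes].sort() };
}
```

In a pipeline you would feed the parsed output of "npm audit --json" to triageAudit and exit non-zero when failing is non-empty; chokidar is left out of the result because it is only vulnerable through glob-parent.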