Hello team,
according to my scan, I detected these vulnerabilities:
Testing jlesage/nginx-proxy-manager...
Tested 466 dependencies for known issues, found 4 issues.
Issues to fix by upgrading:
Upgrade express-fileupload@1.1.9 to express-fileupload@1.1.10 to fix
✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969] in express-fileupload@1.1.9
introduced by express-fileupload@1.1.9
Upgrade objection@2.2.16 to objection@3.0.0 to fix
✗ Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-OBJECTION-1582910] in objection@2.2.16
introduced by objection@2.2.16
Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@4.1.0
introduced by bcrypt@5.0.0 > node-pre-gyp@0.15.0 > npmlog@4.1.2 > gauge@2.7.4 > wide-align@1.1.3 > string-width@2.1.1 > strip-ansi@4.0.0 > ansi-regex@3.0.0 and 9 other path(s)
This issue was fixed in versions: 6.0.1, 5.0.1
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905] in glob-parent@5.1.1
introduced by nodemon@2.0.4 > chokidar@3.4.1 > glob-parent@5.1.1
This issue was fixed in versions: 5.1.2
Fix, please.
Good work :-)