Open bnavigator opened 2 weeks ago
> npm audit fix --force
npm warn using --force Recommended protections disabled.
npm warn audit fix semver@5.7.1 node_modules/npm/node_modules/semver
npm warn audit fix semver@5.7.1 is a bundled dependency of
npm warn audit fix semver@5.7.1 npm@6.14.18 at node_modules/npm
npm warn audit fix semver@5.7.1 It cannot be fixed automatically.
npm warn audit fix semver@5.7.1 Check for updates to the npm package.
npm warn audit fix ansi-regex@3.0.0 node_modules/npm/node_modules/string-width/node_modules/ansi-regex
npm warn audit fix ansi-regex@3.0.0 is a bundled dependency of
npm warn audit fix ansi-regex@3.0.0 npm@6.14.18 at node_modules/npm
npm warn audit fix ansi-regex@3.0.0 It cannot be fixed automatically.
npm warn audit fix ansi-regex@3.0.0 Check for updates to the npm package.
npm warn audit fix ansi-regex@4.1.0 node_modules/npm/node_modules/yargs/node_modules/ansi-regex
npm warn audit fix ansi-regex@4.1.0 is a bundled dependency of
npm warn audit fix ansi-regex@4.1.0 npm@6.14.18 at node_modules/npm
npm warn audit fix ansi-regex@4.1.0 It cannot be fixed automatically.
npm warn audit fix ansi-regex@4.1.0 Check for updates to the npm package.
npm warn audit fix got@6.7.1 node_modules/npm/node_modules/got
npm warn audit fix got@6.7.1 is a bundled dependency of
npm warn audit fix got@6.7.1 npm@6.14.18 at node_modules/npm
npm warn audit fix got@6.7.1 It cannot be fixed automatically.
npm warn audit fix got@6.7.1 Check for updates to the npm package.
npm warn audit fix http-cache-semantics@3.8.1 node_modules/npm/node_modules/http-cache-semantics
npm warn audit fix http-cache-semantics@3.8.1 is a bundled dependency of
npm warn audit fix http-cache-semantics@3.8.1 npm@6.14.18 at node_modules/npm
npm warn audit fix http-cache-semantics@3.8.1 It cannot be fixed automatically.
npm warn audit fix http-cache-semantics@3.8.1 Check for updates to the npm package.
npm warn audit fix ip@1.1.5 node_modules/npm/node_modules/ip
npm warn audit fix ip@1.1.5 is a bundled dependency of
npm warn audit fix ip@1.1.5 npm@6.14.18 at node_modules/npm
npm warn audit fix ip@1.1.5 It cannot be fixed automatically.
npm warn audit fix ip@1.1.5 Check for updates to the npm package.
npm warn audit fix request@2.88.2 node_modules/npm/node_modules/request
npm warn audit fix request@2.88.2 is a bundled dependency of
npm warn audit fix request@2.88.2 npm@6.14.18 at node_modules/npm
npm warn audit fix request@2.88.2 It cannot be fixed automatically.
npm warn audit fix request@2.88.2 Check for updates to the npm package.
npm warn audit fix tar@4.4.19 node_modules/npm/node_modules/tar
npm warn audit fix tar@4.4.19 is a bundled dependency of
npm warn audit fix tar@4.4.19 npm@6.14.18 at node_modules/npm
npm warn audit fix tar@4.4.19 It cannot be fixed automatically.
npm warn audit fix tar@4.4.19 Check for updates to the npm package.
npm warn audit fix tough-cookie@2.5.0 node_modules/npm/node_modules/tough-cookie
npm warn audit fix tough-cookie@2.5.0 is a bundled dependency of
npm warn audit fix tough-cookie@2.5.0 npm@6.14.18 at node_modules/npm
npm warn audit fix tough-cookie@2.5.0 It cannot be fixed automatically.
npm warn audit fix tough-cookie@2.5.0 Check for updates to the npm package.
npm warn audit fix package-json@4.0.1 node_modules/npm/node_modules/package-json
npm warn audit fix package-json@4.0.1 is a bundled dependency of
npm warn audit fix package-json@4.0.1 npm@6.14.18 at node_modules/npm
npm warn audit fix package-json@4.0.1 It cannot be fixed automatically.
npm warn audit fix package-json@4.0.1 Check for updates to the npm package.
npm warn audit fix make-fetch-happen@5.0.2 node_modules/npm/node_modules/make-fetch-happen
npm warn audit fix make-fetch-happen@5.0.2 is a bundled dependency of
npm warn audit fix make-fetch-happen@5.0.2 npm@6.14.18 at node_modules/npm
npm warn audit fix make-fetch-happen@5.0.2 It cannot be fixed automatically.
npm warn audit fix make-fetch-happen@5.0.2 Check for updates to the npm package.
npm warn audit fix socks@2.3.3 node_modules/npm/node_modules/socks
npm warn audit fix socks@2.3.3 is a bundled dependency of
npm warn audit fix socks@2.3.3 npm@6.14.18 at node_modules/npm
npm warn audit fix socks@2.3.3 It cannot be fixed automatically.
npm warn audit fix socks@2.3.3 Check for updates to the npm package.
npm warn audit fix node-gyp@5.1.1 node_modules/npm/node_modules/node-gyp
npm warn audit fix node-gyp@5.1.1 is a bundled dependency of
npm warn audit fix node-gyp@5.1.1 npm@6.14.18 at node_modules/npm
npm warn audit fix node-gyp@5.1.1 It cannot be fixed automatically.
npm warn audit fix node-gyp@5.1.1 Check for updates to the npm package.
npm warn audit fix pacote@9.5.12 node_modules/npm/node_modules/pacote
npm warn audit fix pacote@9.5.12 is a bundled dependency of
npm warn audit fix pacote@9.5.12 npm@6.14.18 at node_modules/npm
npm warn audit fix pacote@9.5.12 It cannot be fixed automatically.
npm warn audit fix pacote@9.5.12 Check for updates to the npm package.
npm warn audit fix latest-version@3.1.0 node_modules/npm/node_modules/latest-version
npm warn audit fix latest-version@3.1.0 is a bundled dependency of
npm warn audit fix latest-version@3.1.0 npm@6.14.18 at node_modules/npm
npm warn audit fix latest-version@3.1.0 It cannot be fixed automatically.
npm warn audit fix latest-version@3.1.0 Check for updates to the npm package.
npm warn audit fix npm-registry-fetch@4.0.7 node_modules/npm/node_modules/npm-registry-fetch
npm warn audit fix npm-registry-fetch@4.0.7 is a bundled dependency of
npm warn audit fix npm-registry-fetch@4.0.7 npm@6.14.18 at node_modules/npm
npm warn audit fix npm-registry-fetch@4.0.7 It cannot be fixed automatically.
npm warn audit fix npm-registry-fetch@4.0.7 Check for updates to the npm package.
npm warn audit fix socks-proxy-agent@4.0.2 node_modules/npm/node_modules/socks-proxy-agent
npm warn audit fix socks-proxy-agent@4.0.2 is a bundled dependency of
npm warn audit fix socks-proxy-agent@4.0.2 npm@6.14.18 at node_modules/npm
npm warn audit fix socks-proxy-agent@4.0.2 It cannot be fixed automatically.
npm warn audit fix socks-proxy-agent@4.0.2 Check for updates to the npm package.
npm warn audit fix npm-lifecycle@3.1.5 node_modules/npm/node_modules/npm-lifecycle
npm warn audit fix npm-lifecycle@3.1.5 is a bundled dependency of
npm warn audit fix npm-lifecycle@3.1.5 npm@6.14.18 at node_modules/npm
npm warn audit fix npm-lifecycle@3.1.5 It cannot be fixed automatically.
npm warn audit fix npm-lifecycle@3.1.5 Check for updates to the npm package.
npm warn audit fix libnpm@3.0.1 node_modules/npm/node_modules/libnpm
npm warn audit fix libnpm@3.0.1 is a bundled dependency of
npm warn audit fix libnpm@3.0.1 npm@6.14.18 at node_modules/npm
npm warn audit fix libnpm@3.0.1 It cannot be fixed automatically.
npm warn audit fix libnpm@3.0.1 Check for updates to the npm package.
npm warn audit fix libcipm@4.0.8 node_modules/npm/node_modules/libcipm
npm warn audit fix libcipm@4.0.8 is a bundled dependency of
npm warn audit fix libcipm@4.0.8 npm@6.14.18 at node_modules/npm
npm warn audit fix libcipm@4.0.8 It cannot be fixed automatically.
npm warn audit fix libcipm@4.0.8 Check for updates to the npm package.
npm warn audit fix update-notifier@2.5.0 node_modules/npm/node_modules/update-notifier
npm warn audit fix update-notifier@2.5.0 is a bundled dependency of
npm warn audit fix update-notifier@2.5.0 npm@6.14.18 at node_modules/npm
npm warn audit fix update-notifier@2.5.0 It cannot be fixed automatically.
npm warn audit fix update-notifier@2.5.0 Check for updates to the npm package.
npm warn audit fix libnpmpublish@1.1.2 node_modules/npm/node_modules/libnpmpublish
npm warn audit fix libnpmpublish@1.1.2 is a bundled dependency of
npm warn audit fix libnpmpublish@1.1.2 npm@6.14.18 at node_modules/npm
npm warn audit fix libnpmpublish@1.1.2 It cannot be fixed automatically.
npm warn audit fix libnpmpublish@1.1.2 Check for updates to the npm package.
npm warn audit fix libnpmaccess@3.0.2 node_modules/npm/node_modules/libnpmaccess
npm warn audit fix libnpmaccess@3.0.2 is a bundled dependency of
npm warn audit fix libnpmaccess@3.0.2 npm@6.14.18 at node_modules/npm
npm warn audit fix libnpmaccess@3.0.2 It cannot be fixed automatically.
npm warn audit fix libnpmaccess@3.0.2 Check for updates to the npm package.
npm warn audit fix npm-profile@4.0.4 node_modules/npm/node_modules/npm-profile
npm warn audit fix npm-profile@4.0.4 is a bundled dependency of
npm warn audit fix npm-profile@4.0.4 npm@6.14.18 at node_modules/npm
npm warn audit fix npm-profile@4.0.4 It cannot be fixed automatically.
npm warn audit fix npm-profile@4.0.4 Check for updates to the npm package.
npm warn audit fix libnpmhook@5.0.3 node_modules/npm/node_modules/libnpmhook
npm warn audit fix libnpmhook@5.0.3 is a bundled dependency of
npm warn audit fix libnpmhook@5.0.3 npm@6.14.18 at node_modules/npm
npm warn audit fix libnpmhook@5.0.3 It cannot be fixed automatically.
npm warn audit fix libnpmhook@5.0.3 Check for updates to the npm package.
npm warn audit fix libnpmorg@1.0.1 node_modules/npm/node_modules/libnpmorg
npm warn audit fix libnpmorg@1.0.1 is a bundled dependency of
npm warn audit fix libnpmorg@1.0.1 npm@6.14.18 at node_modules/npm
npm warn audit fix libnpmorg@1.0.1 It cannot be fixed automatically.
npm warn audit fix libnpmorg@1.0.1 Check for updates to the npm package.
npm warn audit fix libnpmteam@1.0.2 node_modules/npm/node_modules/libnpmteam
npm warn audit fix libnpmteam@1.0.2 is a bundled dependency of
npm warn audit fix libnpmteam@1.0.2 npm@6.14.18 at node_modules/npm
npm warn audit fix libnpmteam@1.0.2 It cannot be fixed automatically.
npm warn audit fix libnpmteam@1.0.2 Check for updates to the npm package.
npm warn audit fix libnpmsearch@2.0.2 node_modules/npm/node_modules/libnpmsearch
npm warn audit fix libnpmsearch@2.0.2 is a bundled dependency of
npm warn audit fix libnpmsearch@2.0.2 npm@6.14.18 at node_modules/npm
npm warn audit fix libnpmsearch@2.0.2 It cannot be fixed automatically.
npm warn audit fix libnpmsearch@2.0.2 Check for updates to the npm package.
npm warn audit fix libnpx@10.2.4 node_modules/npm/node_modules/libnpx
npm warn audit fix libnpx@10.2.4 is a bundled dependency of
npm warn audit fix libnpx@10.2.4 npm@6.14.18 at node_modules/npm
npm warn audit fix libnpx@10.2.4 It cannot be fixed automatically.
npm warn audit fix libnpx@10.2.4 Check for updates to the npm package.
npm warn audit Updating css-loader to 7.1.2, which is a SemVer major change.
npm warn audit Updating npm to 10.8.3, which is a SemVer major change.
npm warn audit No fix available for leaflet-splitmap@*
npm warn audit No fix available for leaflet-transform@*
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated rimraf@2.7.1: Rimraf versions prior to v4 are no longer supported
npm warn deprecated @humanwhocodes/config-array@0.11.14: Use @eslint/config-array instead
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
npm warn deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm warn deprecated glob@7.1.7: Glob versions prior to v9 are no longer supported
npm warn deprecated point-geometry@0.0.0: This module has moved: please install @mapbox/point-geometry instead
npm warn deprecated vector-tile@1.3.0: This module has moved: please install @mapbox/vector-tile instead
added 621 packages, and audited 822 packages in 11s
167 packages are looking for funding
run `npm fund` for details
# npm audit report
mime <1.4.1
Severity: high
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input - https://github.com/advisories/GHSA-wrvr-8mpx-r7pp
fix available via `npm audit fix`
node_modules/mime
underscore 1.3.2 - 1.12.0
Severity: critical
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
No fix available
node_modules/css-img-datauri-stream/node_modules/underscore
css-img-datauri-stream *
Depends on vulnerable versions of mime
Depends on vulnerable versions of underscore
node_modules/css-img-datauri-stream
leaflet-splitmap *
Depends on vulnerable versions of css-img-datauri-stream
node_modules/leaflet-splitmap
leaflet-transform *
Depends on vulnerable versions of css-img-datauri-stream
node_modules/leaflet-transform
5 vulnerabilities (1 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
NPM audit report on jupyter_leaflet-0.9.2: