miguelsolorio / vscode-symbols

A file icon theme for VS Code
https://marketplace.visualstudio.com/items?itemName=miguelsolorio.symbols
MIT License
378 stars, 67 forks

extension deps security vulnerabilities #257

Closed ctf0 closed 6 days ago

ctf0 commented 1 month ago

I ran osv-scanner and found some security vulnerabilities in the extension deps:

| OSV ID | CVSS | Ecosystem | Package | Version |
|---|---|---|---|---|
| https://osv.dev/GHSA-v88g-cgmw-v5xw | 5.6 | npm | ajv | 4.11.2 |
| https://osv.dev/GHSA-67hx-6x53-jw92 | 9.3 | npm | babel-traverse | 6.22.1 |
| https://osv.dev/GHSA-qwcr-r2fm-qrc7 | 8.7 | npm | body-parser | 1.16.0 |
| https://osv.dev/GHSA-832h-xg76-4gv6 | 7.5 | npm | brace-expansion | 1.1.6 |
| https://osv.dev/GHSA-cwfw-4gq5-mrqx | | npm | braces | 1.8.5 |
| https://osv.dev/GHSA-g95f-p29q-9xw4 | 3.7 | npm | braces | 1.8.5 |
| https://osv.dev/GHSA-grv7-fg5c-xmjg | 7.5 | npm | braces | 1.8.5 |
| https://osv.dev/GHSA-wxhq-pm8v-cw75 | | npm | clean-css | 3.4.24 |
| https://osv.dev/GHSA-4vmm-mhcq-4x9j | 10.0 | npm | constantinople | 3.1.0 |
| https://osv.dev/GHSA-pxg6-pf52-xh8x | | npm | cookie | 0.3.1 |
| https://osv.dev/GHSA-9vvw-cc9w-f27h | 7.5 | npm | debug | 2.2.0 |
| https://osv.dev/GHSA-gxpj-cx7g-858c | 3.7 | npm | debug | 2.2.0 |
| https://osv.dev/GHSA-9vvw-cc9w-f27h | 7.5 | npm | debug | 2.3.3 |
| https://osv.dev/GHSA-gxpj-cx7g-858c | 3.7 | npm | debug | 2.3.3 |
| https://osv.dev/GHSA-9vvw-cc9w-f27h | 7.5 | npm | debug | 2.6.0 |
| https://osv.dev/GHSA-gxpj-cx7g-858c | 3.7 | npm | debug | 2.6.0 |
| https://osv.dev/GHSA-hr2v-3952-633q | 9.8 | npm | deep-extend | 0.4.1 |
| https://osv.dev/GHSA-wm7h-9275-46v2 | 7.5 | npm | dicer | 0.2.5 |
| https://osv.dev/GHSA-j4f2-536g-r55m | 7.5 | npm | engine.io | 1.8.2 |
| https://osv.dev/GHSA-r7qp-cfhv-p84w | 6.5 | npm | engine.io | 1.8.2 |
| https://osv.dev/GHSA-4gmj-3p3h-gm8h | | npm | es5-ext | 0.10.12 |
| https://osv.dev/GHSA-rv95-896h-c2vc | 6.1 | npm | express | 4.14.1 |
| https://osv.dev/GHSA-qw6h-vgh9-j6wx | 5.0 | npm | express | 4.14.1 |
| https://osv.dev/GHSA-qrmc-fj45-qfc2 | | npm | extend | 3.0.0 |
| https://osv.dev/GHSA-mpcf-4gmh-23w8 | 7.5 | npm | forwarded | 0.1.0 |
| https://osv.dev/GHSA-9qj9-36jm-prpv | 7.5 | npm | fresh | 0.3.0 |
| https://osv.dev/GHSA-8r6j-v8pm-fqw3 | 9.8 | npm | fsevents | 1.0.17 |
| https://osv.dev/MAL-2023-462 | | npm | fsevents | 1.0.17 |
| https://osv.dev/GHSA-xf7w-r453-m56c | 7.5 | npm | fstream | 1.0.10 |
| https://osv.dev/GHSA-44pw-h2cw-w3vq | 7.4 | npm | hawk | 3.1.3 |
| https://osv.dev/GHSA-jp4x-w63m-7wgm | 8.8 | npm | hoek | 2.16.3 |
| https://osv.dev/GHSA-c429-5p7v-vgjp | 8.1 | npm | hoek | 2.16.3 |
| https://osv.dev/GHSA-qqgx-2p2h-9c37 | 7.3 | npm | ini | 1.3.4 |
| https://osv.dev/GHSA-78xj-cgh5-2h22 | | npm | ip | 1.1.4 |
| https://osv.dev/GHSA-2p57-rm9w-gvfp | 8.1 | npm | ip | 1.1.4 |
| https://osv.dev/GHSA-4hpf-3wq7-5rpr | 5.3 | npm | is-my-json-valid | 2.15.0 |
| https://osv.dev/GHSA-f522-ffg8-j8r6 | 7.5 | npm | is-my-json-valid | 2.15.0 |
| https://osv.dev/GHSA-2pr6-76vf-7546 | 5.9 | npm | js-yaml | 3.7.0 |
| https://osv.dev/GHSA-8j8c-7jfh-h6hx | | npm | js-yaml | 3.7.0 |
| https://osv.dev/GHSA-896r-f27r-55mw | 9.8 | npm | json-schema | 0.2.3 |
| https://osv.dev/GHSA-9c47-m6qq-7p4h | 7.1 | npm | json5 | 0.5.1 |
| https://osv.dev/GHSA-282f-qqgm-c34q | 5.6 | npm | jsonpointer | 4.0.1 |
| https://osv.dev/GHSA-fvqr-27wr-82fm | 6.5 | npm | lodash | 4.17.4 |
| https://osv.dev/GHSA-4xc9-xhrj-v574 | | npm | lodash | 4.17.4 |
| https://osv.dev/GHSA-x5rq-j2xg-h7qm | | npm | lodash | 4.17.4 |
| https://osv.dev/GHSA-jf85-cpcp-j695 | 9.1 | npm | lodash | 4.17.4 |
| https://osv.dev/GHSA-p6mc-m468-83gw | 7.4 | npm | lodash | 4.17.4 |
| https://osv.dev/GHSA-29mw-wpgm-hmr9 | 5.3 | npm | lodash | 4.17.4 |
| https://osv.dev/GHSA-35jh-r3h4-6jhm | 7.2 | npm | lodash | 4.17.4 |
| https://osv.dev/GHSA-952p-6rrq-rcjv | 5.3 | npm | micromatch | 2.3.11 |
| https://osv.dev/GHSA-wrvr-8mpx-r7pp | 7.5 | npm | mime | 1.3.4 |
| https://osv.dev/GHSA-hxm2-r34f-qmc5 | 7.5 | npm | minimatch | 0.3.0 |
| https://osv.dev/GHSA-f8q6-p94x-37v3 | 7.5 | npm | minimatch | 0.3.0 |
| https://osv.dev/GHSA-f8q6-p94x-37v3 | 7.5 | npm | minimatch | 3.0.3 |
| https://osv.dev/GHSA-vh95-rmgr-6w4m | 9.8 | npm | minimist | 0.0.8 |
| https://osv.dev/GHSA-xvch-5gv4-984h | | npm | minimist | 0.0.8 |
| https://osv.dev/GHSA-vh95-rmgr-6w4m | 9.8 | npm | minimist | 1.2.0 |
| https://osv.dev/GHSA-xvch-5gv4-984h | | npm | minimist | 1.2.0 |
| https://osv.dev/GHSA-446m-mv8f-q348 | 7.5 | npm | moment | 2.17.1 |
| https://osv.dev/GHSA-8hfj-j24r-96c4 | 7.5 | npm | moment | 2.17.1 |
| https://osv.dev/GHSA-56x4-j7p9-fcf9 | | npm | moment-timezone | 0.5.11 |
| https://osv.dev/GHSA-v78c-4p63-2j6c | | npm | moment-timezone | 0.5.11 |
| https://osv.dev/GHSA-w9mr-4mfr-499f | 5.3 | npm | ms | 0.7.1 |
| https://osv.dev/GHSA-w9mr-4mfr-499f | 5.3 | npm | ms | 0.7.2 |
| https://osv.dev/GHSA-q75g-2496-mxpp | | npm | parsejson | 0.0.3 |
| https://osv.dev/GHSA-9wv6-86v2-598j | 7.7 | npm | path-to-regexp | 0.1.7 |
| https://osv.dev/GHSA-h2p3-h48h-9jj7 | 9.8 | npm | pidusage | 1.1.1 |
| https://osv.dev/GHSA-hfq9-rfpv-j8r8 | | npm | pidusage | 1.1.1 |
| https://osv.dev/GHSA-p493-635q-r6gr | 6.8 | npm | pug | 2.0.0-beta10 |
| https://osv.dev/GHSA-3965-hpx2-q597 | 6.8 | npm | pug | 2.0.0-beta10 |
| https://osv.dev/GHSA-p493-635q-r6gr | 6.8 | npm | pug-code-gen | 1.1.1 |
| https://osv.dev/GHSA-3965-hpx2-q597 | 6.8 | npm | pug-code-gen | 1.1.1 |
| https://osv.dev/GHSA-gqgv-6jq5-jjj9 | 7.5 | npm | qs | 6.2.0 |
| https://osv.dev/GHSA-hrpp-h998-j3pp | 7.5 | npm | qs | 6.2.0 |
| https://osv.dev/GHSA-gqgv-6jq5-jjj9 | 7.5 | npm | qs | 6.2.1 |
| https://osv.dev/GHSA-hrpp-h998-j3pp | 7.5 | npm | qs | 6.2.1 |
| https://osv.dev/GHSA-gqgv-6jq5-jjj9 | 7.5 | npm | qs | 6.3.0 |
| https://osv.dev/GHSA-hrpp-h998-j3pp | 7.5 | npm | qs | 6.3.0 |
| https://osv.dev/GHSA-6g33-f262-xjp4 | 5.3 | npm | randomatic | 1.1.6 |
| https://osv.dev/GHSA-35q2-47q7-3pc3 | 7.5 | npm | redis | 2.6.5 |
| https://osv.dev/GHSA-p8p7-x288-28g6 | 6.1 | npm | request | 2.79.0 |
| https://osv.dev/GHSA-gcx4-mw62-g8wm | 8.3 | npm | rollup | 0.41.4 |
| https://osv.dev/GHSA-c2qf-rxjj-qqgw | 7.5 | npm | semver | 5.3.0 |
| https://osv.dev/GHSA-m6fv-jmcg-4jfg | 5.0 | npm | send | 0.14.2 |
| https://osv.dev/GHSA-cm22-4g7w-348p | 5.0 | npm | serve-static | 1.11.2 |
| https://osv.dev/GHSA-4rq4-32rv-6wp6 | 7.1 | npm | shelljs | 0.7.5 |
| https://osv.dev/GHSA-64g7-mvw6-v9qj | | npm | shelljs | 0.7.5 |
| https://osv.dev/GHSA-fxwf-4rqh-v8g3 | 4.3 | npm | socket.io | 1.7.2 |
| https://osv.dev/GHSA-25hc-qcg6-38wj | 7.3 | npm | socket.io | 1.7.2 |
| https://osv.dev/GHSA-xfhh-g9f5-x4m4 | 7.5 | npm | socket.io-parser | 2.3.1 |
| https://osv.dev/GHSA-qm95-pgcg-qqfq | 9.8 | npm | socket.io-parser | 2.3.1 |
| https://osv.dev/GHSA-cqmj-92xf-r6r9 | 7.3 | npm | socket.io-parser | 2.3.1 |
| https://osv.dev/GHSA-2m39-62fm-q8r3 | 7.5 | npm | sshpk | 1.10.2 |
| https://osv.dev/GHSA-mf6x-7mm4-x2g7 | | npm | stringstream | 0.0.5 |
| https://osv.dev/GHSA-j44m-qm6p-hp7m | 7.5 | npm | tar | 2.2.1 |
| https://osv.dev/GHSA-3jfq-g458-7qm9 | 8.2 | npm | tar | 2.2.1 |
| https://osv.dev/GHSA-5955-9wpr-37jh | 8.2 | npm | tar | 2.2.1 |
| https://osv.dev/GHSA-f5x3-32g6-xq36 | 6.5 | npm | tar | 2.2.1 |
| https://osv.dev/GHSA-g7q5-pjjr-gqvp | 7.5 | npm | tough-cookie | 2.3.2 |
| https://osv.dev/GHSA-72xf-g2v4-qvf3 | 6.5 | npm | tough-cookie | 2.3.2 |
| https://osv.dev/GHSA-xc7v-wxcw-j472 | | npm | tunnel-agent | 0.4.3 |
| https://osv.dev/GHSA-5v72-xg48-5rpm | 7.5 | npm | ws | 1.1.1 |
| https://osv.dev/GHSA-72mh-269x-7mh5 | 9.4 | npm | xmlhttprequest-ssl | 1.5.3 |
| https://osv.dev/GHSA-h4j5-c7cj-74xg | 9.8 | npm | xmlhttprequest-ssl | 1.5.3 |

miguelsolorio commented 6 days ago

Appreciate the issue, but I use npm audit to fix these and everything is up-to-date:

```console
$ npm audit --audit-level=moderate --verbose
npm verbose cli /opt/homebrew/Cellar/node/22.9.0/bin/node /opt/homebrew/bin/npm
npm info using npm@10.8.3
npm info using node@v22.9.0
npm verbose title npm audit
npm verbose argv "audit" "--audit-level" "moderate" "--loglevel" "verbose"
npm verbose logfile logs-max:10 dir:/Users/miguelsolorio/.npm/_logs/2024-11-22T22_08_37_396Z-
npm verbose logfile /Users/miguelsolorio/.npm/_logs/2024-11-22T22_08_37_396Z-debug-0.log
npm http fetch POST 200 https://registry.npmjs.org/-/npm/v1/security/advisories/bulk 167ms
found 0 vulnerabilities
npm verbose cwd /Users/miguelsolorio/Developer/vscode-symbols
npm verbose os Darwin 24.1.0
npm verbose node v22.9.0
npm verbose npm  v10.8.3
npm verbose exit 0
npm info ok
```
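The thread ends with the two tools disagreeing: osv-scanner lists around a hundred findings, npm audit reports `found 0 vulnerabilities`. They do not necessarily read the same input. npm audit submits the dependency tree recorded in the project's own package-lock.json to the registry's bulk advisory endpoint (the `POST .../security/advisories/bulk` line in the log), whereas osv-scanner scans the lockfiles it finds under the path it is given (package-lock.json, yarn.lock, pnpm-lock.yaml and others, recursively with `-r`), so a stale or nested lockfile produces findings that npm audit never sees. The three different `debug` versions in the table are typical of nested copies in a full dependency tree. The check below is an added example, not code from the issue thread or from the vscode-symbols project: it parses osv-scanner's table output, reads every installed version (nested copies included) out of a package-lock.json, and reports which flagged package@version pairs are actually present in that lockfile. Anything not present came from some other file and is what to go looking for. The table rows and the lockfile are constructed samples; `osvQueryBatch` builds the request body shape of OSV's `https://api.osv.dev/v1/querybatch` endpoint, assumed here as the follow-up check of the lockfile itself, and is not sent anywhere.

```javascript
// Added example (not from the issue thread or the vscode-symbols repo):
// reconcile osv-scanner table output with the package-lock.json that
// `npm audit` reads. All sample inputs below are constructed.

// Constructed sample in the shape osv-scanner prints its table:
// OSV URL │ CVSS │ ECOSYSTEM │ PACKAGE │ VERSION │ SOURCE
// A row with empty package cells is a continuation: a second OSV ID
// for the same package/version as the row above it.
const SCANNER_TABLE = `
│ https://osv.dev/GHSA-4vmm-mhcq-4x9j │ 10.0 │ npm │ constantinople │ 3.1.0 │ │
│ https://osv.dev/GHSA-jf85-cpcp-j695 │ 9.1 │ npm │ lodash │ 4.17.4 │ │
│ https://osv.dev/GHSA-vh95-rmgr-6w4m │ 9.8 │ npm │ minimist │ 1.2.0 │ │
│ https://osv.dev/GHSA-xvch-5gv4-984h │ │ │ │ │ │
│ https://osv.dev/GHSA-9vvw-cc9w-f27h │ 7.5 │ npm │ debug │ 2.6.0 │ │
`;

// Constructed package-lock.json (lockfileVersion 3 layout). "packages" is
// keyed by install path, so a nested copy of a package is its own entry.
const LOCKFILE = JSON.stringify({
  name: "example-extension",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-extension", devDependencies: { lodash: "^4.17.21" } },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/debug": { version: "4.3.4" },
    "node_modules/some-tool/node_modules/debug": { version: "2.6.0" },
  },
});

// Parse the box-drawing table into { id, cvss, ecosystem, pkg, version }.
function parseScannerTable(text) {
  const findings = [];
  let last = null;
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line.startsWith("│")) continue;
    const cells = line.split("│").slice(1, -1).map((c) => c.trim());
    const [url, cvss, ecosystem, pkg, version] = cells;
    if (!url) continue;
    const id = url.replace(/^https:\/\/osv\.dev\//, "");
    if (!pkg && last) {
      // continuation row: same package/version, another ID, no score printed
      findings.push({ ...last, id, cvss: null });
      continue;
    }
    last = { id, cvss: cvss ? Number(cvss) : null, ecosystem, pkg, version };
    findings.push(last);
  }
  return findings;
}

// Map package name -> Set of every installed version, nested copies included.
// The name is whatever follows the last "node_modules/", which also keeps
// scoped packages ("@scope/name") intact.
function installedVersions(lockfileJson) {
  const lock = JSON.parse(lockfileJson);
  const versions = new Map();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || !entry.version) continue;
    const marker = "node_modules/";
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    if (!versions.has(name)) versions.set(name, new Set());
    versions.get(name).add(entry.version);
  }
  return versions;
}

// Split findings by whether the exact package@version is in this lockfile.
// Present ones npm audit should also see; absent ones came from some other
// manifest, lockfile or vendored tree that the scanner picked up.
function reconcile(findings, versions) {
  const inLockfile = [];
  const notInLockfile = [];
  for (const f of findings) {
    const installed = versions.get(f.pkg);
    (installed && installed.has(f.version) ? inLockfile : notInLockfile).push(f);
  }
  return { inLockfile, notInLockfile };
}

// Body for OSV's batch query API (assumed follow-up check; not sent here):
// one query per installed package@version, so the lockfile npm audit reads
// can be re-checked against osv.dev directly.
function osvQueryBatch(versions) {
  const queries = [];
  for (const [name, set] of versions) {
    for (const version of set) {
      queries.push({ package: { name, ecosystem: "npm" }, version });
    }
  }
  return { queries };
}

function report() {
  const findings = parseScannerTable(SCANNER_TABLE);
  const { inLockfile, notInLockfile } = reconcile(findings, installedVersions(LOCKFILE));
  const lines = [];
  for (const f of inLockfile) lines.push(`in lockfile:     ${f.pkg}@${f.version} ${f.id} cvss=${f.cvss ?? "n/a"}`);
  for (const f of notInLockfile) lines.push(`not in lockfile: ${f.pkg}@${f.version} ${f.id}`);
  return lines;
}

console.log(report().join("\n"));
```

With the constructed inputs only the nested `debug@2.6.0` is in the lockfile; `lodash@4.17.4`, `constantinople@3.1.0` and both `minimist@1.2.0` IDs are not, which is the pattern to expect when the scanner has read a lockfile other than the one npm audit consulted. On a real checkout, replace `SCANNER_TABLE` with the scanner's output and `LOCKFILE` with the contents of package-lock.json, and run `osv-scanner --lockfile=package-lock.json` to pin the scanner to that one file.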