openscopeproject / TrguiNG

Remote GUI for Transmission torrent daemon
GNU Affero General Public License v3.0

npm reports "1 moderate severity vulnerability" #94

Closed simonbcn closed 1 year ago

simonbcn commented 1 year ago
Linux NixOS 23.05
node v18.17.1
TrguiNG git version
$ npm install

added 699 packages, and audited 700 packages in 5s

168 packages are looking for funding
  run `npm fund` for details

1 moderate severity vulnerability

To address all issues, run:
  npm audit fix

Run `npm audit` for details.

$ npm audit
# npm audit report

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/postcss

1 moderate severity vulnerability

To address all issues, run:
  npm audit fix

qu1ck commented 1 year ago

I'll fix this soon (assuming upstream is updated), but keep in mind that the majority of npm-reported vulnerabilities do not apply because TrguiNG is not a website; it's a closed system that does not touch any random code or load any external resources, so the attack surface is minimal.
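
An added example, not part of the thread or of TrguiNG's code: a Node.js check that walks a `package-lock.json` and lists every installed copy of postcss still below 8.4.31 (the range in the audit report above), including copies nested under other packages. The function names and the sample lockfile are constructed for illustration, and a lockfileVersion 2 or 3 layout is assumed.

```javascript
// Added example: find every postcss copy in a lockfile that is still < 8.4.31.
// Assumes lockfileVersion 2 or 3, where installs are listed under "packages".

const FIXED = "8.4.31"; // the audit report flags postcss <8.4.31

// Parse "major.minor.patch[-prerelease]" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when version a sorts before version b (a prerelease sorts before its release).
function isLessThan(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${a} / ${b}`);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i];
  }
  return pa.pre && !pb.pre;
}

// Return [{path, version}] for each installed copy of `name` below `fixed`,
// including copies nested under other packages' node_modules.
function findAffected(lock, name = "postcss", fixed = FIXED) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) =>
      (path === suffix || path.endsWith(`/${suffix}`)) && meta.version)
    .filter(([, meta]) => isLessThan(meta.version, fixed))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile (not TrguiNG's real package-lock.json).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/postcss": { version: "8.4.31" },
    "node_modules/some-bundler/node_modules/postcss": { version: "8.4.27" },
    "node_modules/postcss-value-parser": { version: "4.2.0" },
  },
};

for (const hit of findAffected(sampleLock)) {
  console.log(`${hit.path} -> ${hit.version} (needs >= ${FIXED})`);
}
```

An empty result after `npm audit fix` means no copy of postcss in the resolved tree is left in the flagged range.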