Hello
Whenever I am running npm install, I am getting critical severity vulnerabilities. npm audit fix --force rolls back express-sharp to 3.1.1; however, it again shows vulnerabilities there for other packages. Currently, I am in a loop and cannot solve this. Can someone please help me here to solve this?
Any help or guidance is much appreciated. Thanks in advance.
Error when express-sharp 4.2.41 is used:
class-validator <0.14.0
Severity: critical
SQL Injection and Cross-site Scripting in class-validator - https://github.com/advisories/GHSA-fj58-h2fr-3pp2
fix available via `npm audit fix --force`
Will install express-sharp@3.1.1, which is a breaking change
node_modules/class-validator
express-sharp >=4.0.1
Depends on vulnerable versions of class-validator
node_modules/express-sharp
2 critical severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Error when express-sharp 3.1.1 is used:
# npm audit report
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install express-sharp@4.2.41, which is a breaking change
node_modules/got
express-sharp <=4.2.40
Depends on vulnerable versions of express-validator
Depends on vulnerable versions of got
Depends on vulnerable versions of sharp
node_modules/express-sharp
sharp <0.30.5
Severity: moderate
sharp vulnerable to Command Injection in post-installation over build environment - https://github.com/advisories/GHSA-gp95-ppv5-3jc5
fix available via `npm audit fix --force`
Will install express-sharp@4.2.41, which is a breaking change
node_modules/sharp
validator <13.7.0
Severity: moderate
Inefficient Regular Expression Complexity in validator.js - https://github.com/advisories/GHSA-qgmg-gppg-76g5
fix available via `npm audit fix --force`
Will install express-sharp@4.2.41, which is a breaking change
node_modules/express-sharp/node_modules/validator
express-validator 0.2.0 - 6.4.1
Depends on vulnerable versions of validator
node_modules/express-sharp/node_modules/express-validator
5 moderate severity vulnerabilities
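The loop described in the post can be made explicit by reading the two reports as data. This is an added example, not part of the original post: the sample objects are constructed from the two reports above in the shape `npm audit --json` emits, and the function names `rootCauses` and `fixCycle` are hypothetical.

```javascript
// Constructed sample: the two reports from the post, reduced to the fields
// used below, in the shape `npm audit --json` emits (npm 7 and later).
const entry = (severity, range, via, to) => ({
  severity, range, via,
  fixAvailable: { name: "express-sharp", version: to, isSemVerMajor: true },
});
const ghsa = (id) => [{ url: `https://github.com/advisories/${id}` }];
const reports = {
  "4.2.41": { vulnerabilities: {
    "class-validator": entry("critical", "<0.14.0", ghsa("GHSA-fj58-h2fr-3pp2"), "3.1.1"),
    "express-sharp": entry("critical", ">=4.0.1", ["class-validator"], "3.1.1"),
  } },
  "3.1.1": { vulnerabilities: {
    got: entry("moderate", "<11.8.5", ghsa("GHSA-pfrx-2q88-qq97"), "4.2.41"),
    sharp: entry("moderate", "<0.30.5", ghsa("GHSA-gp95-ppv5-3jc5"), "4.2.41"),
    validator: entry("moderate", "<13.7.0", ghsa("GHSA-qgmg-gppg-76g5"), "4.2.41"),
    "express-validator": entry("moderate", "0.2.0 - 6.4.1", ["validator"], "4.2.41"),
    "express-sharp": entry("moderate", "<=4.2.40", ["express-validator", "got", "sharp"], "4.2.41"),
  } },
};

// Root causes are entries whose `via` holds advisory objects; entries whose
// `via` holds only package names are dependents that inherit the finding.
function rootCauses(report) {
  return Object.entries(report.vulnerabilities)
    .filter(([, v]) => v.via.some((x) => typeof x === "object"))
    .map(([name, v]) => ({ name, severity: v.severity, range: v.range }));
}

// Follow each report's proposed breaking fix from version to version and
// return the versions that repeat (empty array when there is no loop).
function fixCycle(start) {
  const seen = [];
  for (let v = start; v && reports[v]; ) {
    if (seen.includes(v)) return seen.slice(seen.indexOf(v));
    seen.push(v);
    const fixes = Object.values(reports[v].vulnerabilities).map((x) => x.fixAvailable);
    v = fixes.find((f) => f && typeof f === "object" && f.isSemVerMajor)?.version;
  }
  return [];
}

for (const v of fixCycle("4.2.41")) {
  console.log(`express-sharp@${v}:`, rootCauses(reports[v]));
}
```

The root-cause packages are the ones to handle individually rather than through `npm audit fix --force`, for example with an `overrides` entry in package.json (npm 8.3 and later), after testing that express-sharp still works with the patched transitive version.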