rebus-ink / ink-API

Hobb API Server: backend for the Rebus Reader system
GNU Affero General Public License v3.0

npm audit found vulnerabilities #723

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago
# npm audit report

```
ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix`
node_modules/oas-validator/node_modules/ajv
  oas-validator  <=4.0.8
  Depends on vulnerable versions of ajv
  Depends on vulnerable versions of oas-resolver
  node_modules/oas-validator
    swagger2openapi  2.2.1 - 6.2.3
    Depends on vulnerable versions of oas-resolver
    Depends on vulnerable versions of oas-validator
    Depends on vulnerable versions of yargs
    node_modules/swagger2openapi
      widdershins  1.1.0 - 1.1.1 || 2.2.1 - 2.2.11 || >=3.0.0-beta0.0
      Depends on vulnerable versions of oas-resolver
      Depends on vulnerable versions of swagger2openapi
      Depends on vulnerable versions of yargs
      node_modules/widdershins

ejs  <3.1.7
Severity: critical
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
fix available via `npm audit fix`
node_modules/ejs

jsonpointer  <5.0.0
Severity: moderate
Prototype Pollution in node-jsonpointer - https://github.com/advisories/GHSA-282f-qqgm-c34q
fix available via `npm audit fix`
node_modules/better-ajv-errors/node_modules/jsonpointer
  better-ajv-errors  <=0.8.1
  Depends on vulnerable versions of jsonpointer
  node_modules/better-ajv-errors

markdown-it  <12.3.2
Severity: moderate
Uncontrolled Resource Consumption in markdown-it - https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
No fix available
node_modules/markdown-it
  shins  *
  Depends on vulnerable versions of markdown-it
  Depends on vulnerable versions of sanitize-html
  node_modules/shins
    api2html  *
    Depends on vulnerable versions of shins
    node_modules/api2html

sanitize-html  <=2.3.1
Severity: moderate
Improper Input Validation in sanitize-html - https://github.com/advisories/GHSA-mjxr-4v3x-q3m4
Improper Input Validation in sanitize-html - https://github.com/advisories/GHSA-rjqq-98f6-6j3r
No fix available
node_modules/sanitize-html
  shins  *
  Depends on vulnerable versions of markdown-it
  Depends on vulnerable versions of sanitize-html
  node_modules/shins
    api2html  *
    Depends on vulnerable versions of shins
    node_modules/api2html

yargs-parser  6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix`
node_modules/oas-resolver/node_modules/yargs-parser
node_modules/swagger2openapi/node_modules/yargs-parser
node_modules/widdershins/node_modules/yargs-parser
  yargs  8.0.0-candidate.0 - 12.0.5
  Depends on vulnerable versions of yargs-parser
  node_modules/oas-resolver/node_modules/yargs
  node_modules/swagger2openapi/node_modules/yargs
  node_modules/widdershins/node_modules/yargs
    oas-resolver  <=2.3.1
    Depends on vulnerable versions of yargs
    node_modules/oas-resolver
      oas-validator  <=4.0.8
      Depends on vulnerable versions of ajv
      Depends on vulnerable versions of oas-resolver
      node_modules/oas-validator
        swagger2openapi  2.2.1 - 6.2.3
        Depends on vulnerable versions of oas-resolver
        Depends on vulnerable versions of oas-validator
        Depends on vulnerable versions of yargs
        node_modules/swagger2openapi
          widdershins  1.1.0 - 1.1.1 || 2.2.1 - 2.2.11 || >=3.0.0-beta0.0
          Depends on vulnerable versions of oas-resolver
          Depends on vulnerable versions of swagger2openapi
          Depends on vulnerable versions of yargs
          node_modules/widdershins

14 vulnerabilities (13 moderate, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.
```