# npm audit report
ajv <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix`
node_modules/oas-validator/node_modules/ajv
oas-validator <=4.0.8
Depends on vulnerable versions of ajv
Depends on vulnerable versions of better-ajv-errors
Depends on vulnerable versions of oas-resolver
node_modules/oas-validator
swagger2openapi 2.2.1 - 6.2.3
Depends on vulnerable versions of oas-resolver
Depends on vulnerable versions of oas-validator
Depends on vulnerable versions of yargs
node_modules/swagger2openapi
widdershins 1.1.0 - 1.1.1 || 2.2.1 - 2.2.11 || >=3.0.0-beta0.0
Depends on vulnerable versions of oas-resolver
Depends on vulnerable versions of swagger2openapi
Depends on vulnerable versions of yargs
node_modules/widdershins
ejs <3.1.7
Severity: critical
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
fix available via `npm audit fix`
node_modules/ejs
got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix`
node_modules/got
package-json <=6.5.0
Depends on vulnerable versions of got
node_modules/package-json
latest-version 0.2.0 - 5.1.0
Depends on vulnerable versions of package-json
node_modules/latest-version
update-notifier 0.2.0 - 5.1.0
Depends on vulnerable versions of latest-version
node_modules/update-notifier
nodemon 1.3.5 - 2.0.16 || 2.0.18
Depends on vulnerable versions of update-notifier
node_modules/nodemon
jsonpointer <5.0.0
Severity: moderate
Prototype Pollution in node-jsonpointer - https://github.com/advisories/GHSA-282f-qqgm-c34q
fix available via `npm audit fix`
node_modules/better-ajv-errors/node_modules/jsonpointer
better-ajv-errors <=0.8.1
Depends on vulnerable versions of jsonpointer
node_modules/better-ajv-errors
markdown-it <12.3.2
Severity: moderate
Uncontrolled Resource Consumption in markdown-it - https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
No fix available
node_modules/markdown-it
shins *
Depends on vulnerable versions of ejs
Depends on vulnerable versions of markdown-it
Depends on vulnerable versions of sanitize-html
node_modules/shins
api2html *
Depends on vulnerable versions of shins
Depends on vulnerable versions of widdershins
node_modules/api2html
passport <0.6.0
Severity: moderate
Improper session management in passport - https://github.com/advisories/GHSA-v923-w3x8-wh69
fix available via `npm audit fix --force`
Will install passport@0.6.0, which is a breaking change
node_modules/passport
protobufjs 6.11.0 - 6.11.2
Severity: high
Prototype Pollution in protobufjs - https://github.com/advisories/GHSA-g954-5hwp-pp24
fix available via `npm audit fix`
node_modules/protobufjs
google-gax 2.2.1-pre - 2.2.1-pre.2 || 2.21.1 - 2.30.4 || 3.0.0 - 3.0.1
Depends on vulnerable versions of protobufjs
node_modules/google-gax
sanitize-html <=2.3.1
Severity: moderate
Improper Input Validation in sanitize-html - https://github.com/advisories/GHSA-mjxr-4v3x-q3m4
Improper Input Validation in sanitize-html - https://github.com/advisories/GHSA-rjqq-98f6-6j3r
No fix available
node_modules/sanitize-html
yargs-parser 6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
fix available via `npm audit fix`
node_modules/oas-resolver/node_modules/yargs-parser
node_modules/swagger2openapi/node_modules/yargs-parser
node_modules/widdershins/node_modules/yargs-parser
yargs 8.0.0-candidate.0 - 12.0.5
Depends on vulnerable versions of yargs-parser
node_modules/oas-resolver/node_modules/yargs
node_modules/swagger2openapi/node_modules/yargs
node_modules/widdershins/node_modules/yargs
oas-resolver <=2.3.1
Depends on vulnerable versions of yargs
node_modules/oas-resolver
22 vulnerabilities (18 moderate, 2 high, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
github-actions[bot]
commented
2 years ago