scaleflex / ng-cloudimage-responsive

Cloudimage responsive plugin will make your website load the exact image size you need depending on your user's screen size. Multiple pixel ratios are supported. Any questions or issues, please report to https://github.com/scaleflex/ng-cloudimage-responsive/issues
MIT License

Found 5 high severity vulnerabilities on your Package #19

Closed Sampath-Lokuge closed 4 years ago

Sampath-Lokuge commented 4 years ago

Hi,

Can you tell me how to solve this?

+ ng-cloudimage-responsive@2.1.3
added 3 packages from 3 contributors, removed 6 packages and audited 1894 packages in 49.271s
found 5 high severity vulnerabilities
  run `npm audit fix` to fix them, or `npm audit` for details

I have run npm audit fix


added 1 package from 5 contributors, removed 5 packages and updated 1 package in 28.18s
fixed 1 of 5 vulnerabilities in 1894 scanned packages
  4 vulnerabilities required manual review and could not be updated

Still, 4 vulnerabilities are there.

npm audit

=== npm audit security report ===

                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             

      Visit https://go.npm.me/audit-guide for additional guidance           

High Prototype Pollution in node-forge

Package node-forge

Patched in >= 0.10.0

Dependency of firebase-tools [dev]

Path firebase-tools > @google-cloud/pubsub > google-auth-library

gtoken > google-p12-pem > node-forge

More info https://npmjs.com/advisories/1561

High Prototype Pollution in node-forge

Package node-forge

Patched in >= 0.10.0

Dependency of firebase-tools [dev]

Path firebase-tools > @google-cloud/pubsub > google-gax >
google-auth-library > gtoken > google-p12-pem > node-forge

More info https://npmjs.com/advisories/1561

High Prototype Pollution in node-forge

Package node-forge

Patched in >= 0.10.0

Dependency of firebase-tools [dev]

Path firebase-tools > google-auth-library > gtoken >
google-p12-pem > node-forge

More info https://npmjs.com/advisories/1561

High Prototype Pollution in node-forge

Package node-forge

Patched in >= 0.10.0

Dependency of firebase-tools [dev]

Path firebase-tools > google-gax > google-auth-library > gtoken >
google-p12-pem > node-forge

More info https://npmjs.com/advisories/1561

found 4 high severity vulnerabilities in 1895 scanned packages
  4 vulnerabilities require manual review. See the full report for details.

I have tried many solutions, but none of them solved this issue.

https://www.npmjs.com/advisories/1561

https://stackoverflow.com/questions/63900727/vulnerability-detected-in-node-forge

Sampath-Lokuge commented 4 years ago

Sorry, this is not your issue. It is the Firebase tools issue: https://github.com/firebase/firebase-tools/issues/2671
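
The conclusion in the last comment can be read off the report itself. The following is an added example, not code from this thread or from either project: it parses the text layout of the `npm audit` report quoted above and groups the findings by the direct dependency that pulls them in. The function names `parseFindings` and `triage` are hypothetical, and the sample input is constructed from two of the quoted entries.

```javascript
// Constructed sample: two entries copied from the audit report quoted in this thread.
const SAMPLE = `
Package node-forge
Patched in >= 0.10.0
Dependency of firebase-tools [dev]
Path firebase-tools > @google-cloud/pubsub > google-auth-library
gtoken > google-p12-pem > node-forge
More info https://npmjs.com/advisories/1561

Package node-forge
Patched in >= 0.10.0
Dependency of firebase-tools [dev]
Path firebase-tools > google-gax > google-auth-library > gtoken >
google-p12-pem > node-forge
More info https://npmjs.com/advisories/1561
`;

// Parse the text report into [{ pkg, patchedIn, root, dev, path: [...] }].
function parseFindings(text) {
  const findings = [];
  let cur = null, inPath = false, m;
  for (const line of text.split("\n").map((l) => l.trim()).filter(Boolean)) {
    if ((m = line.match(/^Package\s+(\S+)$/))) {
      cur = { pkg: m[1], patchedIn: null, root: null, dev: false, path: [] };
      findings.push(cur);
      inPath = false;
    } else if (!cur) continue; // banner text before the first finding
    else if ((m = line.match(/^Patched in\s+(.+)$/))) cur.patchedIn = m[1];
    else if ((m = line.match(/^Dependency of\s+(\S+)(\s+\[dev\])?$/)))
      Object.assign(cur, { root: m[1], dev: Boolean(m[2]) });
    else if ((m = line.match(/^Path\s+(.+)$/))) {
      cur.path.push(m[1]);
      inPath = true;
    } else if (/^More info\s/.test(line)) inPath = false;
    else if (inPath) cur.path.push(line); // wrapped continuation of the Path row
  }
  // Join wrapped rows, then split on ">" so a missing or trailing ">" at the wrap is harmless.
  for (const f of findings) f.path = f.path.join(">").split(">").map((s) => s.trim()).filter(Boolean);
  return findings;
}
// Group findings by the direct dependency that pulls them in, and check a suspect package.
function triage(findings, suspect) {
  const byRoot = {};
  for (const f of findings) {
    const r = (byRoot[f.root] = byRoot[f.root] || { dev: f.dev, chains: 0, fixes: new Set() });
    r.chains += 1;
    r.fixes.add(`${f.pkg} ${f.patchedIn}`);
  }
  return { byRoot, suspectInPath: findings.some((f) => f.path.includes(suspect)) };
}
```

Calling `triage(parseFindings(SAMPLE), "ng-cloudimage-responsive")` reports a single root, `firebase-tools`, marked as a dev dependency, and `suspectInPath` is `false`: the plugin appears in none of the dependency chains.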