schwarzdavid / bootstrap-email

MIT License

Dependencies vulnerability #26

Open polopelletier opened 2 years ago

polopelletier commented 2 years ago

I'm getting a lot of vulnerabilities when installing the latest version. I tried `npm audit fix` but this didn't help.

```
ejs  <3.1.7
Severity: high
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
No fix available
node_modules/ejs
  bootstrap-email  *
  Depends on vulnerable versions of ejs
  node_modules/bootstrap-email

nth-check  <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix`
node_modules/juice/node_modules/nth-check
  css-select  <=3.1.0
  Depends on vulnerable versions of nth-check
  node_modules/juice/node_modules/css-select
    cheerio  0.19.0 - 1.0.0-rc.3
    Depends on vulnerable versions of css-select
    node_modules/juice/node_modules/cheerio
      juice  1.3.4 - 6.0.0
      Depends on vulnerable versions of cheerio
      node_modules/juice

6 vulnerabilities (4 moderate, 2 high)
```

node version 16.14.0, npm version 8.3.1

knopkem commented 9 months ago

https://www.npmjs.com/package/@knopkem/bootstrap-email
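
The two dependency chains in the audit output of the opening report can be pulled out of `npm audit --json` mechanically, which separates the chain `npm audit fix` can repair from the one that needs a change in the package itself. This is an added example, not code from the issue or from bootstrap-email; the `report` object is constructed to mirror that tree, its `isDirect` values are assumptions, and `auditChains` is a hypothetical helper name.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// It mirrors the tree in the issue; it is not captured output, and the
// isDirect values are assumptions.
const report = {
  auditReportVersion: 2,
  vulnerabilities: {
    ejs: { range: "<3.1.7", isDirect: false, fixAvailable: false,
      via: [{ title: "Template injection in ejs",
        url: "https://github.com/advisories/GHSA-phwq-j96m-2c2q" }],
      effects: ["bootstrap-email"] },
    "bootstrap-email": { range: "*", isDirect: true, fixAvailable: false,
      via: ["ejs"], effects: [] },
    "nth-check": { range: "<2.0.1", isDirect: false, fixAvailable: true,
      via: [{ title: "Inefficient Regular Expression Complexity in nth-check",
        url: "https://github.com/advisories/GHSA-rp65-9cf3-cjxr" }],
      effects: ["css-select"] },
    "css-select": { range: "<=3.1.0", isDirect: false, fixAvailable: true,
      via: ["nth-check"], effects: ["cheerio"] },
    cheerio: { range: "0.19.0 - 1.0.0-rc.3", isDirect: false, fixAvailable: true,
      via: ["css-select"], effects: ["juice"] },
    juice: { range: "1.3.4 - 6.0.0", isDirect: false, fixAvailable: true,
      via: ["cheerio"], effects: [] },
  },
};

// For every package that carries an advisory of its own (an object in `via`),
// follow `effects` upward and return each chain with its fix status.
function auditChains(rep) {
  const vulns = rep.vulnerabilities;
  const out = [];
  const walk = (path, advisory) => {
    const node = vulns[path[path.length - 1]] || { effects: [] };
    const ups = node.effects.filter((e) => !path.includes(e)); // cycle guard
    if (ups.length === 0) {
      // Treat a chain as fixable only when every package on it reports a fix.
      const fix = path.every((p) => Boolean(vulns[p] && vulns[p].fixAvailable));
      out.push({ advisory: advisory.url, chain: path, fixAvailable: fix });
    }
    for (const up of ups) walk([...path, up], advisory);
  };
  for (const [name, v] of Object.entries(vulns)) {
    for (const a of v.via) if (typeof a === "object") walk([name], a);
  }
  return out;
}

for (const c of auditChains(report)) {
  console.log(`${c.fixAvailable ? "fixable" : "NO FIX "} ${c.chain.join(" <- ")}  ${c.advisory}`);
}
```

In real reports `fixAvailable` can also be an object describing the fixing version, which `Boolean()` counts as fixable.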