tediousjs / node-mssql

Microsoft SQL Server client for Node.js
https://tediousjs.github.io/node-mssql
MIT License
2.23k stars 467 forks

mssql fails npm audit with 5 vulnerabilities #1455

Closed Wes-Love closed 1 year ago

Wes-Love commented 1 year ago

MSSQL FAILS npm audit with the following message:

npm audit report

jsonwebtoken  <=8.5.1
Severity: high
jsonwebtoken has insecure input validation in jwt.verify function - https://github.com/advisories/GHSA-27h2-hvpr-p74q
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken unrestricted key type could lead to legacy keys usage - https://github.com/advisories/GHSA-8cf7-32gw-wr33
fix available via npm audit fix --force
Will install mssql@7.2.0, which is a breaking change
node_modules/jsonwebtoken
  @azure/msal-node  *
  Depends on vulnerable versions of jsonwebtoken
  node_modules/@azure/msal-node
    @azure/identity  >=1.2.0-alpha.20200903.1
    Depends on vulnerable versions of @azure/msal-node
    node_modules/@azure/identity
      tedious  >=11.0.9
      Depends on vulnerable versions of @azure/identity
      node_modules/tedious
        mssql  >=7.2.1
        Depends on vulnerable versions of tedious
        node_modules/mssql

5 vulnerabilities (4 moderate, 1 high)

To address all issues (including breaking changes), run: npm audit fix --force

Expected behaviour:

No vulnerabilities found

Software versions

dhensby commented 1 year ago

Duplicate of #1451