tsubakimoto / github-actions-samples

Playground for GitHub Actions
https://tsubakimoto.github.io/github-actions-samples/
MIT License

update express #79

Closed tsubakimoto closed 6 months ago

tsubakimoto commented 6 months ago
express [express-update]$ npm update --save

added 8 packages, removed 1 package, changed 80 packages, and audited 132 packages in 15s

13 packages are looking for funding
  run `npm fund` for details

7 vulnerabilities (2 low, 5 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues, run:
  npm audit fix --force

Run `npm audit` for details.
express [express-update]$ npm outdated
Package           Current        Wanted  Latest  Location                  Depended by
debug               2.6.9         2.6.9   4.3.4  node_modules/debug        express
express            4.16.4        4.16.4  4.19.2  node_modules/express      express
http-errors         1.6.3         1.6.3   2.0.0  node_modules/http-errors  express
morgan              1.9.1         1.9.1  1.10.0  node_modules/morgan       express
pug          2.0.0-beta11  2.0.0-beta11   3.0.2  node_modules/pug          express
express [express-update]$ npm install -g npm-check-updates
npm WARN deprecated @npmcli/move-file@2.0.1: This functionality has been moved to @npmcli/fs

added 338 packages in 47s

67 packages are looking for funding
  run `npm fund` for details
express [express-update]$ ncu
Checking /workspaces/github-actions-samples/nodejs/express/package.json
[====================] 6/6 100%

 cookie-parser        ~1.4.4  →   ~1.4.6
 debug                ~2.6.9  →   ~4.3.4
 express             ~4.16.1  →  ~4.19.2
 http-errors          ~1.6.3  →   ~2.0.0
 morgan               ~1.9.1  →  ~1.10.0
 pug            2.0.0-beta11  →    3.0.2

Run ncu -u to upgrade package.json
express [express-update]$ ncu -u
Upgrading /workspaces/github-actions-samples/nodejs/express/package.json
[====================] 6/6 100%

 cookie-parser        ~1.4.4  →   ~1.4.6
 debug                ~2.6.9  →   ~4.3.4
 express             ~4.16.1  →  ~4.19.2
 http-errors          ~1.6.3  →   ~2.0.0
 morgan               ~1.9.1  →  ~1.10.0
 pug            2.0.0-beta11  →    3.0.2

Run npm install to install new versions.
express [express-update]$ npm audit
# npm audit report

clean-css  <4.1.11
Regular Expression Denial of Service in clean-css - https://github.com/advisories/GHSA-wxhq-pm8v-cw75
fix available via `npm audit fix`
node_modules/clean-css
  pug-filters  <=3.0.2
  Depends on vulnerable versions of clean-css
  node_modules/pug-filters

express  <=4.19.1 || 5.0.0-alpha.1 - 5.0.0-alpha.7
Severity: high
Express.js Open Redirect in malformed URLs - https://github.com/advisories/GHSA-rv95-896h-c2vc
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of qs
fix available via `npm audit fix`
node_modules/express

pug-code-gen  <2.0.3
Severity: high
Remote code execution via the `pretty` option. - https://github.com/advisories/GHSA-p493-635q-r6gr
fix available via `npm audit fix`
node_modules/pug-code-gen
  pug  0.1.0 - 2.0.0-rc.4
  Depends on vulnerable versions of pug-code-gen
  Depends on vulnerable versions of pug-filters
  node_modules/pug

qs  6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/qs
  body-parser  1.18.0 - 1.18.3
  Depends on vulnerable versions of qs
  node_modules/body-parser

7 vulnerabilities (2 low, 5 high)

To address all issues, run:
  npm audit fix
express [express-update]$ npm audit fix

added 26 packages, removed 33 packages, changed 40 packages, and audited 125 packages in 16s

17 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities