workingLychee / GitHub-CI-DEMO

npm audit found vulnerabilities #1

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago
=== npm audit security report ===                        

# Run  npm install eslint@8.2.0  to resolve 2 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ eslint > strip-ansi > ansi-regex                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ eslint                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ eslint > table > string-width > strip-ansi > ansi-regex      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘

# Run  npm install --save-dev stylelint@14.1.0  to resolve 8 vulnerabilities
SEMVER WARNING: Recommended action is a potentially breaking change
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint > string-width > strip-ansi > ansi-regex           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint > table > string-width > strip-ansi > ansi-regex   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service in trim-newlines        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim-newlines                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint > meow > trim-newlines                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-7p7h-4mm5-852v            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint > globby > fast-glob > glob-parent                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-ww39-953v-wcq6            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint > micromatch > parse-glob > glob-base >            │
│               │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-ww39-953v-wcq6            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service in trim                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim                                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint > postcss-markdown > remark > remark-parse > trim  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-w5p7-h5w8-2hfq            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype Pollution in yargs-parser                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint > meow > yargs-parser                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-p9pc-299p-vxgp            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service in braces               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ braces                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint [dev]                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint > micromatch > braces                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-g95f-p29q-9xw4            │
└───────────────┴──────────────────────────────────────────────────────────────┘

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > @tarojs/transformer-wx > eslint > strip-ansi > │
│               │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > @tarojs/transformer-wx > eslint > inquirer >   │
│               │ string-width > strip-ansi > ansi-regex                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > @tarojs/transformer-wx > eslint > inquirer >   │
│               │ strip-ansi > ansi-regex                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > eslint > strip-ansi > ansi-regex               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > eslint > table > string-width > strip-ansi >   │
│               │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > @tarojs/transformer-wx > eslint > table >      │
│               │ string-width > strip-ansi > ansi-regex                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > npm-check > depcheck > yargs > cliui >         │
│               │ string-width > strip-ansi > ansi-regex                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > npm-check > depcheck > yargs > cliui >         │
│               │ wrap-ansi > string-width > strip-ansi > ansi-regex           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > inquirer > strip-ansi > ansi-regex             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > inquirer > string-width > strip-ansi >         │
│               │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > npm-check > update-notifier > boxen >          │
│               │ ansi-align > string-width > strip-ansi > ansi-regex          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > npm-check > update-notifier > boxen >          │
│               │ string-width > strip-ansi > ansi-regex                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │  Inefficient Regular Expression Complexity in                │
│               │ chalk/ansi-regex                                             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-regex                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > npm-check > update-notifier > boxen >          │
│               │ widest-line > string-width > strip-ansi > ansi-regex         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-93q8-gq69-wqmw            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Uncontrolled Resource Consumption in ansi-html               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-html                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/webpack-runner [dev]                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/webpack-runner >                                     │
│               │ @pmmmwh/react-refresh-webpack-plugin > ansi-html             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-whgm-jr23-g3j9            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Regular Expression Denial of Service in postcss              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ postcss                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=7.0.36                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/webpack-runner [dev]                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/webpack-runner > resolve-url-loader > postcss        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-hwj9-h5mp-3pm3            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service in trim-newlines        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim-newlines                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > npm-check > meow > trim-newlines               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-7p7h-4mm5-852v            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > mem-fs-editor > globby > fast-glob >           │
│               │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-ww39-953v-wcq6            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > vinyl-fs > glob-stream > glob-parent           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-ww39-953v-wcq6            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/mini-runner [dev]                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/mini-runner > copy-webpack-plugin > glob-parent      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-ww39-953v-wcq6            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/mini-runner [dev]                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/mini-runner > webpack > watchpack >                  │
│               │ watchpack-chokidar2 > chokidar > glob-parent                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-ww39-953v-wcq6            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/webpack-runner [dev]                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/webpack-runner > copy-webpack-plugin > glob-parent   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-ww39-953v-wcq6            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular expression denial of service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=5.1.2                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/webpack-runner [dev]                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/webpack-runner > webpack-dev-server > chokidar >     │
│               │ glob-parent                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-ww39-953v-wcq6            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ The `size` option isn't honored after following a redirect   │
│               │ in node-fetch                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ node-fetch                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.6.1                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/cli                                                  │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/cli > fbjs > isomorphic-fetch > node-fetch           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-w7rc-rwvf-8q5r            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Insecure serialization leading to RCE in                     │
│               │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.1.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @tarojs/webpack-runner [dev]                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @tarojs/webpack-runner > copy-webpack-plugin >               │
│               │ serialize-javascript                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-hxcc-f52p-wc94            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Uncontrolled resource consumption in jpeg-js                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ jpeg-js                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.4.0                                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ miniprogram-ci                                               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ miniprogram-ci > jimp > @jimp/types > @jimp/jpeg > jpeg-js   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://github.com/advisories/GHSA-w7q9-p3jq-fmhm            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 35 vulnerabilities (2 low, 20 moderate, 13 high) in 3078 scanned packages
  10 vulnerabilities require semver-major dependency updates.
  25 vulnerabilities require manual review. See the full report for details.

github-actions[bot] commented 2 years ago
# npm audit report

ansi-html  *
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix --force`
Will install @tarojs/webpack-runner@3.0.29, which is a breaking change
node_modules/ansi-html
  @pmmmwh/react-refresh-webpack-plugin  <=0.5.0-rc.6
  Depends on vulnerable versions of ansi-html
  node_modules/@pmmmwh/react-refresh-webpack-plugin
    @tarojs/webpack-runner  0.0.0-experimental.2 || 0.0.26 - 0.0.68-beta.4 || >=1.2.9
    Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
    Depends on vulnerable versions of copy-webpack-plugin
    Depends on vulnerable versions of resolve-url-loader
    Depends on vulnerable versions of webpack
    Depends on vulnerable versions of webpack-dev-server
    node_modules/@tarojs/webpack-runner
  webpack-dev-server  2.0.0-beta - 4.1.0
  Depends on vulnerable versions of ansi-html
  Depends on vulnerable versions of chokidar
  Depends on vulnerable versions of yargs
  node_modules/webpack-dev-server

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
No fix available
node_modules/@tarojs/cli/node_modules/ansi-regex
node_modules/@tarojs/transformer-wx/node_modules/ansi-regex
node_modules/@tarojs/transformer-wx/node_modules/inquirer/node_modules/ansi-regex
node_modules/ansi-align/node_modules/ansi-regex
node_modules/ansi-regex
node_modules/boxen/node_modules/ansi-regex
node_modules/stylelint/node_modules/ansi-regex
node_modules/widest-line/node_modules/ansi-regex
  strip-ansi  4.0.0 - 5.2.0
  Depends on vulnerable versions of ansi-regex
  node_modules/@tarojs/cli/node_modules/strip-ansi
  node_modules/@tarojs/transformer-wx/node_modules/inquirer/node_modules/strip-ansi
  node_modules/@tarojs/transformer-wx/node_modules/strip-ansi
  node_modules/ansi-align/node_modules/strip-ansi
  node_modules/boxen/node_modules/strip-ansi
  node_modules/strip-ansi
  node_modules/stylelint/node_modules/strip-ansi
  node_modules/widest-line/node_modules/strip-ansi
    cliui  4.0.0 - 5.0.0
    Depends on vulnerable versions of strip-ansi
    Depends on vulnerable versions of wrap-ansi
    node_modules/cliui
      yargs  10.1.0 - 15.0.0
      Depends on vulnerable versions of cliui
      Depends on vulnerable versions of string-width
      node_modules/yargs
        depcheck  0.8.0 - 0.9.1
        Depends on vulnerable versions of yargs
        node_modules/depcheck
          npm-check  >=5.0.1
          Depends on vulnerable versions of depcheck
          Depends on vulnerable versions of meow
          node_modules/npm-check
        webpack-dev-server  2.0.0-beta - 4.1.0
        Depends on vulnerable versions of ansi-html
        Depends on vulnerable versions of chokidar
        Depends on vulnerable versions of yargs
        node_modules/webpack-dev-server
          @tarojs/webpack-runner  0.0.0-experimental.2 || 0.0.26 - 0.0.68-beta.4 || >=1.2.9
          Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
          Depends on vulnerable versions of copy-webpack-plugin
          Depends on vulnerable versions of resolve-url-loader
          Depends on vulnerable versions of webpack
          Depends on vulnerable versions of webpack-dev-server
          node_modules/@tarojs/webpack-runner
    eslint  4.5.0 - 7.15.0
    Depends on vulnerable versions of inquirer
    Depends on vulnerable versions of strip-ansi
    Depends on vulnerable versions of table
    node_modules/@tarojs/transformer-wx/node_modules/eslint
    node_modules/eslint
      @tarojs/cli  *
      Depends on vulnerable versions of @tarojs/transformer-wx
      Depends on vulnerable versions of eslint
      Depends on vulnerable versions of eslint-plugin-vue
      Depends on vulnerable versions of fbjs
      Depends on vulnerable versions of inquirer
      Depends on vulnerable versions of mem-fs-editor
      Depends on vulnerable versions of ora
      Depends on vulnerable versions of stylelint
      Depends on vulnerable versions of vinyl-fs
      node_modules/@tarojs/cli
      @tarojs/transformer-wx  >=1.2.0-alpha.0
      Depends on vulnerable versions of eslint
      node_modules/@tarojs/transformer-wx
      eslint-plugin-vue  5.0.0-beta.0 - 7.0.0-beta.4
      Depends on vulnerable versions of eslint
      node_modules/eslint-plugin-vue
    inquirer  3.2.0 - 7.0.4
    Depends on vulnerable versions of string-width
    Depends on vulnerable versions of strip-ansi
    node_modules/@tarojs/cli/node_modules/inquirer
    node_modules/@tarojs/transformer-wx/node_modules/inquirer
    ora  2.0.0 - 4.0.2
    Depends on vulnerable versions of strip-ansi
    node_modules/@tarojs/cli/node_modules/ora
    node_modules/ora
      @tarojs/mini-runner  *
      Depends on vulnerable versions of copy-webpack-plugin
      Depends on vulnerable versions of ora
      Depends on vulnerable versions of webpack
      node_modules/@tarojs/mini-runner
    string-width  2.1.0 - 4.1.0
    Depends on vulnerable versions of strip-ansi
    node_modules/@tarojs/cli/node_modules/string-width
    node_modules/@tarojs/transformer-wx/node_modules/string-width
    node_modules/ansi-align/node_modules/string-width
    node_modules/boxen/node_modules/string-width
    node_modules/string-width
    node_modules/stylelint/node_modules/string-width
    node_modules/widest-line/node_modules/string-width
      stylelint  7.7.1 - 13.6.1
      Depends on vulnerable versions of globby
      Depends on vulnerable versions of meow
      Depends on vulnerable versions of micromatch
      Depends on vulnerable versions of postcss-markdown
      Depends on vulnerable versions of string-width
      Depends on vulnerable versions of table
      node_modules/@tarojs/cli/node_modules/stylelint
      node_modules/stylelint
      table  4.0.2 - 5.4.6
      Depends on vulnerable versions of string-width
      node_modules/stylelint/node_modules/table
      node_modules/table
      widest-line  2.0.0 - 2.0.1
      Depends on vulnerable versions of string-width
      node_modules/widest-line
        boxen  1.3.0 - 3.2.0
        Depends on vulnerable versions of widest-line
        node_modules/boxen
      wrap-ansi  3.0.0 - 6.1.0
      Depends on vulnerable versions of string-width
      Depends on vulnerable versions of strip-ansi
      node_modules/wrap-ansi

braces  <2.3.1
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
No fix available
node_modules/stylelint/node_modules/micromatch/node_modules/braces
  micromatch  0.2.0 - 2.3.11
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of parse-glob
  node_modules/stylelint/node_modules/micromatch
    stylelint  7.7.1 - 13.6.1
    Depends on vulnerable versions of globby
    Depends on vulnerable versions of meow
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of postcss-markdown
    Depends on vulnerable versions of string-width
    Depends on vulnerable versions of table
    node_modules/@tarojs/cli/node_modules/stylelint
    node_modules/stylelint
      @tarojs/cli  *
      Depends on vulnerable versions of @tarojs/transformer-wx
      Depends on vulnerable versions of eslint
      Depends on vulnerable versions of eslint-plugin-vue
      Depends on vulnerable versions of fbjs
      Depends on vulnerable versions of inquirer
      Depends on vulnerable versions of mem-fs-editor
      Depends on vulnerable versions of ora
      Depends on vulnerable versions of stylelint
      Depends on vulnerable versions of vinyl-fs
      node_modules/@tarojs/cli

glob-parent  <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @tarojs/webpack-runner@3.0.29, which is a breaking change
node_modules/@tarojs/webpack-runner/node_modules/glob-parent
node_modules/copy-webpack-plugin/node_modules/glob-parent
node_modules/glob-base/node_modules/glob-parent
node_modules/glob-stream/node_modules/glob-parent
node_modules/mem-fs-editor/node_modules/glob-parent
node_modules/stylelint/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
node_modules/webpack-dev-server/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/watchpack-chokidar2/node_modules/chokidar
  node_modules/webpack-dev-server/node_modules/chokidar
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
        webpack  4.44.0 - 4.46.0
        Depends on vulnerable versions of watchpack
        node_modules/webpack
          @tarojs/mini-runner  *
          Depends on vulnerable versions of copy-webpack-plugin
          Depends on vulnerable versions of ora
          Depends on vulnerable versions of webpack
          node_modules/@tarojs/mini-runner
          @tarojs/webpack-runner  0.0.0-experimental.2 || 0.0.26 - 0.0.68-beta.4 || >=1.2.9
          Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
          Depends on vulnerable versions of copy-webpack-plugin
          Depends on vulnerable versions of resolve-url-loader
          Depends on vulnerable versions of webpack
          Depends on vulnerable versions of webpack-dev-server
          node_modules/@tarojs/webpack-runner
    webpack-dev-server  2.0.0-beta - 4.1.0
    Depends on vulnerable versions of ansi-html
    Depends on vulnerable versions of chokidar
    Depends on vulnerable versions of yargs
    node_modules/webpack-dev-server
  copy-webpack-plugin  4.3.0 - 5.1.2
  Depends on vulnerable versions of glob-parent
  Depends on vulnerable versions of serialize-javascript
  node_modules/@tarojs/webpack-runner/node_modules/copy-webpack-plugin
  node_modules/copy-webpack-plugin
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/mem-fs-editor/node_modules/fast-glob
  node_modules/stylelint/node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/mem-fs-editor/node_modules/globby
    node_modules/stylelint/node_modules/globby
      mem-fs-editor  4.0.1 - 4.0.2 || 5.0.0 - 6.0.0 || 7.0.1 - 7.1.0
      Depends on vulnerable versions of globby
      node_modules/mem-fs-editor
        @tarojs/cli  *
        Depends on vulnerable versions of @tarojs/transformer-wx
        Depends on vulnerable versions of eslint
        Depends on vulnerable versions of eslint-plugin-vue
        Depends on vulnerable versions of fbjs
        Depends on vulnerable versions of inquirer
        Depends on vulnerable versions of mem-fs-editor
        Depends on vulnerable versions of ora
        Depends on vulnerable versions of stylelint
        Depends on vulnerable versions of vinyl-fs
        node_modules/@tarojs/cli
      stylelint  7.7.1 - 13.6.1
      Depends on vulnerable versions of globby
      Depends on vulnerable versions of meow
      Depends on vulnerable versions of micromatch
      Depends on vulnerable versions of postcss-markdown
      Depends on vulnerable versions of string-width
      Depends on vulnerable versions of table
      node_modules/@tarojs/cli/node_modules/stylelint
      node_modules/stylelint
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/glob-base
    parse-glob  >=2.1.0
    Depends on vulnerable versions of glob-base
    node_modules/parse-glob
      micromatch  0.2.0 - 2.3.11
      Depends on vulnerable versions of braces
      Depends on vulnerable versions of parse-glob
      node_modules/stylelint/node_modules/micromatch
  glob-stream  5.3.0 - 6.1.0
  Depends on vulnerable versions of glob-parent
  node_modules/glob-stream
    vinyl-fs  >=2.4.2
    Depends on vulnerable versions of glob-stream
    node_modules/vinyl-fs

jpeg-js  <0.4.0
Severity: moderate
Uncontrolled resource consumption in jpeg-js - https://github.com/advisories/GHSA-w7q9-p3jq-fmhm
fix available via `npm audit fix --force`
Will install miniprogram-ci@1.0.1, which is a breaking change
node_modules/jpeg-js
  @jimp/jpeg  <=0.12.0
  Depends on vulnerable versions of jpeg-js
  node_modules/@jimp/jpeg
    @jimp/types  <=0.11.1-canary.891.908.0
    Depends on vulnerable versions of @jimp/jpeg
    node_modules/@jimp/types
      jimp  0.3.6-alpha.5 - 0.11.1-canary.891.908.0
      Depends on vulnerable versions of @jimp/types
      node_modules/jimp
        miniprogram-ci  >=1.0.2
        Depends on vulnerable versions of jimp
        node_modules/miniprogram-ci

json-schema  <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
  jsprim  0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
  Depends on vulnerable versions of json-schema
  node_modules/jsprim

node-fetch  <2.6.1
The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
No fix available
node_modules/node-fetch
  isomorphic-fetch  2.0.0 - 2.2.1
  Depends on vulnerable versions of node-fetch
  node_modules/isomorphic-fetch
    fbjs  0.7.0 - 1.0.0
    Depends on vulnerable versions of isomorphic-fetch
    node_modules/fbjs
      @tarojs/cli  *
      Depends on vulnerable versions of @tarojs/transformer-wx
      Depends on vulnerable versions of eslint
      Depends on vulnerable versions of eslint-plugin-vue
      Depends on vulnerable versions of fbjs
      Depends on vulnerable versions of inquirer
      Depends on vulnerable versions of mem-fs-editor
      Depends on vulnerable versions of ora
      Depends on vulnerable versions of stylelint
      Depends on vulnerable versions of vinyl-fs
      node_modules/@tarojs/cli

postcss  7.0.0 - 7.0.35
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
fix available via `npm audit fix --force`
Will install @tarojs/webpack-runner@3.0.29, which is a breaking change
node_modules/@tarojs/webpack-runner/node_modules/resolve-url-loader/node_modules/postcss
  resolve-url-loader  3.0.1 - 3.1.3 || 4.0.0-alpha.1 - 4.0.0-beta.2
  Depends on vulnerable versions of postcss
  node_modules/@tarojs/webpack-runner/node_modules/resolve-url-loader
    @tarojs/webpack-runner  0.0.0-experimental.2 || 0.0.26 - 0.0.68-beta.4 || >=1.2.9
    Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
    Depends on vulnerable versions of copy-webpack-plugin
    Depends on vulnerable versions of resolve-url-loader
    Depends on vulnerable versions of webpack
    Depends on vulnerable versions of webpack-dev-server
    node_modules/@tarojs/webpack-runner

serialize-javascript  <3.1.0
Severity: high
Insecure serialization leading to RCE in serialize-javascript - https://github.com/advisories/GHSA-hxcc-f52p-wc94
fix available via `npm audit fix --force`
Will install @tarojs/webpack-runner@3.0.29, which is a breaking change
node_modules/@tarojs/webpack-runner/node_modules/serialize-javascript
  copy-webpack-plugin  4.3.0 - 5.1.2
  Depends on vulnerable versions of glob-parent
  Depends on vulnerable versions of serialize-javascript
  node_modules/@tarojs/webpack-runner/node_modules/copy-webpack-plugin
  node_modules/copy-webpack-plugin
    @tarojs/mini-runner  *
    Depends on vulnerable versions of copy-webpack-plugin
    Depends on vulnerable versions of ora
    Depends on vulnerable versions of webpack
    node_modules/@tarojs/mini-runner
    @tarojs/webpack-runner  0.0.0-experimental.2 || 0.0.26 - 0.0.68-beta.4 || >=1.2.9
    Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
    Depends on vulnerable versions of copy-webpack-plugin
    Depends on vulnerable versions of resolve-url-loader
    Depends on vulnerable versions of webpack
    Depends on vulnerable versions of webpack-dev-server
    node_modules/@tarojs/webpack-runner

trim  <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
No fix available
node_modules/trim
  remark-parse  <=8.0.3
  Depends on vulnerable versions of trim
  node_modules/remark-parse
    remark  5.0.0 - 12.0.1
    Depends on vulnerable versions of remark-parse
    node_modules/remark
      postcss-markdown  <=0.36.0
      Depends on vulnerable versions of remark
      node_modules/postcss-markdown
        stylelint  7.7.1 - 13.6.1
        Depends on vulnerable versions of globby
        Depends on vulnerable versions of meow
        Depends on vulnerable versions of micromatch
        Depends on vulnerable versions of postcss-markdown
        Depends on vulnerable versions of string-width
        Depends on vulnerable versions of table
        node_modules/@tarojs/cli/node_modules/stylelint
        node_modules/stylelint
          @tarojs/cli  *
          Depends on vulnerable versions of @tarojs/transformer-wx
          Depends on vulnerable versions of eslint
          Depends on vulnerable versions of eslint-plugin-vue
          Depends on vulnerable versions of fbjs
          Depends on vulnerable versions of inquirer
          Depends on vulnerable versions of mem-fs-editor
          Depends on vulnerable versions of ora
          Depends on vulnerable versions of stylelint
          Depends on vulnerable versions of vinyl-fs
          node_modules/@tarojs/cli

trim-newlines  <3.0.1
Severity: high
Regular Expression Denial of Service in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
No fix available
node_modules/npm-check/node_modules/trim-newlines
node_modules/trim-newlines
  meow  3.4.0 - 5.0.0
  Depends on vulnerable versions of trim-newlines
  Depends on vulnerable versions of yargs-parser
  node_modules/meow
  node_modules/npm-check/node_modules/meow
    npm-check  >=5.0.1
    Depends on vulnerable versions of depcheck
    Depends on vulnerable versions of meow
    node_modules/npm-check
    stylelint  7.7.1 - 13.6.1
    Depends on vulnerable versions of globby
    Depends on vulnerable versions of meow
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of postcss-markdown
    Depends on vulnerable versions of string-width
    Depends on vulnerable versions of table
    node_modules/@tarojs/cli/node_modules/stylelint
    node_modules/stylelint
      @tarojs/cli  *
      Depends on vulnerable versions of @tarojs/transformer-wx
      Depends on vulnerable versions of eslint
      Depends on vulnerable versions of eslint-plugin-vue
      Depends on vulnerable versions of fbjs
      Depends on vulnerable versions of inquirer
      Depends on vulnerable versions of mem-fs-editor
      Depends on vulnerable versions of ora
      Depends on vulnerable versions of stylelint
      Depends on vulnerable versions of vinyl-fs
      node_modules/@tarojs/cli

yargs-parser  6.0.0 - 13.1.1
Severity: moderate
Prototype Pollution in yargs-parser - https://github.com/advisories/GHSA-p9pc-299p-vxgp
No fix available
node_modules/meow/node_modules/yargs-parser
  meow  3.4.0 - 5.0.0
  Depends on vulnerable versions of trim-newlines
  Depends on vulnerable versions of yargs-parser
  node_modules/meow
  node_modules/npm-check/node_modules/meow
    npm-check  >=5.0.1
    Depends on vulnerable versions of depcheck
    Depends on vulnerable versions of meow
    node_modules/npm-check
    stylelint  7.7.1 - 13.6.1
    Depends on vulnerable versions of globby
    Depends on vulnerable versions of meow
    Depends on vulnerable versions of micromatch
    Depends on vulnerable versions of postcss-markdown
    Depends on vulnerable versions of string-width
    Depends on vulnerable versions of table
    node_modules/@tarojs/cli/node_modules/stylelint
    node_modules/stylelint
      @tarojs/cli  *
      Depends on vulnerable versions of @tarojs/transformer-wx
      Depends on vulnerable versions of eslint
      Depends on vulnerable versions of eslint-plugin-vue
      Depends on vulnerable versions of fbjs
      Depends on vulnerable versions of inquirer
      Depends on vulnerable versions of mem-fs-editor
      Depends on vulnerable versions of ora
      Depends on vulnerable versions of stylelint
      Depends on vulnerable versions of vinyl-fs
      node_modules/@tarojs/cli

58 vulnerabilities (4 low, 25 moderate, 29 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.