ran npm install, raised audit errors, ran npm audit, these spit out.
# npm audit report
axios <=0.27.2
Severity: high
Axios vulnerable to Server-Side Request Forgery - https://github.com/advisories/GHSA-4w2v-q235-vp99
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
Depends on vulnerable versions of follow-redirects
fix available via `npm audit fix --force`
Will install plaid@22.0.1, which is a breaking change
node_modules/axios
plaid 5.0.0 - 8.1.2 || 9.0.0-beta.1 - 9.0.0-beta.15
Depends on vulnerable versions of axios
node_modules/plaid
fastify-static <4.2.4
Severity: moderate
URL Redirection to Untrusted Site ('Open Redirect') in fastify-static - https://github.com/advisories/GHSA-p6vg-p826-qp3v
fix available via `npm audit fix --force`
Will install fastify-static@4.7.0, which is a breaking change
node_modules/fastify-static
follow-redirects <=1.15.5
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix --force`
Will install plaid@22.0.1, which is a breaking change
node_modules/follow-redirects
4 vulnerabilities (2 moderate, 2 high)
To address all issues (including breaking changes), run:
npm audit fix --force
ran npm install, raised audit errors, ran npm audit, these spit out.