Skip to content

Vulnerabilities and oudated packages #223

Open
Open
Vulnerabilities and oudated packages#223
@PatrickSpies

Description

@PatrickSpies
PatrickSpies
opened on Mar 30, 2021

Vulnerabilities

npm audit reports 6 vulnerabilities (3 low, 1 moderate, 2 high)

npm audit report

acorn 5.5.0 - 5.7.3 || 6.0.0 - 6.4.0 || 7.0.0 - 7.1.0
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1488
fix available via npm audit fix
node_modules/acorn

bl <=1.2.2 || 2.0.1 - 2.2.0 || 3.0.0 || 4.0.0 - 4.0.2
Severity: high
Remote Memory Exposure - https://npmjs.com/advisories/1555
fix available via npm audit fix
node_modules/bl

decompress <4.2.1
Severity: high
Arbitrary File Write - https://npmjs.com/advisories/1217
fix available via npm audit fix
node_modules/decompress

lodash <4.17.19
Prototype Pollution - https://npmjs.com/advisories/1523
fix available via npm audit fix
node_modules/lodash

minimist <0.2.1 || >=1.0.0 <1.2.3
Prototype Pollution - https://npmjs.com/advisories/1179
fix available via npm audit fix
node_modules/minimist
node_modules/mkdirp/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/mkdirp`

Outdated packages

npm outdated reports multiple outdated packages

Package Current Wanted Latest Location Depended by
archiver 3.0.0 3.1.1 5.3.0 node_modules/archiver claudia
aws-sdk 2.607.0 2.875.0 2.875.0 node_modules/aws-sdk claudia
decompress 4.2.0 4.2.1 4.2.1 node_modules/decompress claudia
dotenv 2.0.0 2.0.0 8.2.0 node_modules/dotenv claudia
eslint 6.5.1 6.8.0 7.23.0 node_modules/eslint claudia
eslint-config-crockford 0.2.0 0.2.0 2.0.0 node_modules/eslint-config-crockford claudia
fs-extra 6.0.1 6.0.1 9.1.0 node_modules/fs-extra claudia
glob 7.1.2 7.1.6 7.1.6 node_modules/glob claudia
gunzip-maybe 1.4.1 1.4.2 1.4.2 node_modules/gunzip-maybe claudia
jasmine 2.99.0 2.99.0 3.7.0 node_modules/jasmine claudia
jasmine-spec-reporter 2.7.0 2.7.0 6.0.0 node_modules/jasmine-spec-reporter claudia
minimist 1.2.0 1.2.5 1.2.5 node_modules/minimist claudia
sequential-promise-map 1.0.4 1.2.0 1.2.0 node_modules/sequential-promise-map claudia
tar-fs 1.16.3 1.16.3 2.1.1 node_modules/tar-fs claudia
uuid 2.0.3 2.0.3 8.3.2 node_modules/uuid claudia
which 1.3.1 1.3.1 2.0.2 node_modules/which claudia

Is it possible to provide a new release with updated dependencies?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions