This repository has been archived by the owner on Aug 25, 2024. It is now read-only.

needs update npm found many vulnerabilities #38

Open
kthehatter opened this issue Dec 3, 2022 · 0 comments
Comments

@kthehatter

found 51 vulnerabilities (3 low, 19 moderate, 23 high, 6 critical)
run npm audit fix to fix them, or npm audit for details
=== npm audit security report ===

                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             
                                                                            
      Visit https://go.npm.me/audit-guide for additional guidance           

Moderate Open Redirect in node-forge

Package node-forge

Patched in >=1.0.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack-dev-server >
selfsigned > node-forge

More info GHSA-8fr3-hfg3-gpgp

Low Prototype Pollution in node-forge debug API.

Package node-forge

Patched in >=1.0.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack-dev-server >
selfsigned > node-forge

More info GHSA-5rrq-pxf6-6jx5

Moderate Improper Verification of Cryptographic Signature in
node-forge

Package node-forge

Patched in >=1.3.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack-dev-server >
selfsigned > node-forge

More info GHSA-2r2c-g63r-vccr

High Improper Verification of Cryptographic Signature in
node-forge

Package node-forge

Patched in >=1.3.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack-dev-server >
selfsigned > node-forge

More info GHSA-x4jg-mjrx-434g

High Improper Verification of Cryptographic Signature in
node-forge

Package node-forge

Patched in >=1.3.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack-dev-server >
selfsigned > node-forge

More info GHSA-cfm4-qjh2-4765

Low URL parsing in node-forge could lead to undesired behavior.

Package node-forge

Patched in >=1.0.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack-dev-server >
selfsigned > node-forge

More info GHSA-gf8q-jrpm-jvxq

Critical Prototype Pollution in immer

Package immer

Patched in >=9.0.6

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils > immer

More info GHSA-33f9-j839-rf8h

High Prototype Pollution in immer

Package immer

Patched in >=8.0.1

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils > immer

More info GHSA-9qmh-276g-x5pj

High Prototype Pollution in immer

Package immer

Patched in >=9.0.6

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils > immer

More info GHSA-c36v-fmgq-m8hx

Moderate Prototype Pollution in object-path

Package object-path

Patched in >=0.11.6

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader >
adjust-sourcemap-loader > object-path

More info GHSA-v39p-96qg-c8rf

High Prototype pollution in object-path

Package object-path

Patched in >=0.11.5

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader >
adjust-sourcemap-loader > object-path

More info GHSA-cwx2-736x-mf6w

High Prototype Pollution in object-path

Package object-path

Patched in >=0.11.8

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader >
adjust-sourcemap-loader > object-path

More info GHSA-8v63-cqqc-6r2c

High Insecure serialization leading to RCE in
serialize-javascript

Package serialize-javascript

Patched in >=3.1.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > terser-webpack-plugin >
serialize-javascript

More info GHSA-hxcc-f52p-wc94

Critical Prototype Pollution in lodash

Package lodash

Patched in >=4.17.12

Dependency of react-qrbtf

Path react-qrbtf > react-css > lodash

More info GHSA-jf85-cpcp-j695

Moderate Regular Expression Denial of Service (ReDoS) in lodash

Package lodash

Patched in >=4.17.11

Dependency of react-qrbtf

Path react-qrbtf > react-css > lodash

More info GHSA-x5rq-j2xg-h7qm

High Prototype Pollution in lodash

Package lodash

Patched in >=4.17.20

Dependency of react-qrbtf

Path react-qrbtf > react-css > lodash

More info GHSA-p6mc-m468-83gw

High Prototype Pollution in lodash

Package lodash

Patched in >=4.17.11

Dependency of react-qrbtf

Path react-qrbtf > react-css > lodash

More info GHSA-4xc9-xhrj-v574

Low Prototype Pollution in lodash

Package lodash

Patched in >=4.17.5

Dependency of react-qrbtf

Path react-qrbtf > react-css > lodash

More info GHSA-fvqr-27wr-82fm

High Command Injection in lodash

Package lodash

Patched in >=4.17.21

Dependency of react-qrbtf

Path react-qrbtf > react-css > lodash

More info GHSA-35jh-r3h4-6jhm

Moderate Regular Expression Denial of Service (ReDoS) in lodash

Package lodash

Patched in >=4.17.21

Dependency of react-qrbtf

Path react-qrbtf > react-css > lodash

More info GHSA-29mw-wpgm-hmr9

Moderate Regular Expression Denial of Service in postcss

Package postcss

Patched in >=7.0.36

Dependency of react-qrbtf

Path react-qrbtf > react-css > autoprefixer > postcss

More info GHSA-566m-qj78-rww5

Moderate Regular Expression Denial of Service in postcss

Package postcss

Patched in >=7.0.36

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader > postcss

More info GHSA-566m-qj78-rww5

Moderate Regular Expression Denial of Service in postcss

Package postcss

Patched in >=7.0.36

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader > postcss

More info GHSA-hwj9-h5mp-3pm3

High Inefficient Regular Expression Complexity in nth-check

Package nth-check

Patched in >=2.0.1

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > @svgr/webpack >
@svgr/plugin-svgo > svgo > css-select > nth-check

More info GHSA-rp65-9cf3-cjxr

High Inefficient Regular Expression Complexity in nth-check

Package nth-check

Patched in >=2.0.1

Dependency of react-qrbtf

Path react-qrbtf > react-scripts >
optimize-css-assets-webpack-plugin > cssnano >
cssnano-preset-default > postcss-svgo > svgo > css-select >
nth-check

More info GHSA-rp65-9cf3-cjxr

High glob-parent before 5.1.2 vulnerable to Regular Expression
Denial of Service in enclosure regex

Package glob-parent

Patched in >=5.1.2

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils > globby >
fast-glob > glob-parent

More info GHSA-ww39-953v-wcq6

High glob-parent before 5.1.2 vulnerable to Regular Expression
Denial of Service in enclosure regex

Package glob-parent

Patched in >=5.1.2

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack > watchpack >
watchpack-chokidar2 > chokidar > glob-parent

More info GHSA-ww39-953v-wcq6

High glob-parent before 5.1.2 vulnerable to Regular Expression
Denial of Service in enclosure regex

Package glob-parent

Patched in >=5.1.2

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack-dev-server > chokidar
> glob-parent

More info GHSA-ww39-953v-wcq6

Moderate react-dev-utils OS Command Injection in function
getProcessForPort

Package react-dev-utils

Patched in >=11.0.4

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils

More info GHSA-5q6m-3h65-w53x

High Uncontrolled Resource Consumption in ansi-html

Package ansi-html

Patched in >=0.0.8

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack-dev-server > ansi-html

More info GHSA-whgm-jr23-g3j9

Moderate Regular Expression Denial of Service in browserslist

Package browserslist

Patched in >=4.16.5

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils > browserslist

More info GHSA-w8qv-6jwh-64r5

Moderate Improper Input Validation in SocksJS-Node

Package sockjs

Patched in >=0.3.20

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack-dev-server > sockjs

More info GHSA-c9g6-9335-x697

Moderate OS Command Injection in node-notifier

Package node-notifier

Patched in >=8.0.1

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > jest > jest-cli > @jest/core >
@jest/reporters > node-notifier

More info GHSA-5fw9-fq32-wv5p

Moderate Insufficient Granularity of Access Control in JSDom

Package jsdom

Patched in >=16.5.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > jest > jest-cli > jest-config
> jest-environment-jsdom > jsdom

More info GHSA-f4c9-cqv8-9v98

Moderate Insufficient Granularity of Access Control in JSDom

Package jsdom

Patched in >=16.5.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > jest > jest-cli > @jest/core >
jest-config > jest-environment-jsdom > jsdom

More info GHSA-f4c9-cqv8-9v98

Moderate Insufficient Granularity of Access Control in JSDom

Package jsdom

Patched in >=16.5.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > jest > jest-cli > @jest/core >
jest-runtime > jest-config > jest-environment-jsdom > jsdom

More info GHSA-f4c9-cqv8-9v98

Moderate Insufficient Granularity of Access Control in JSDom

Package jsdom

Patched in >=16.5.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > jest > jest-cli > @jest/core >
@jest/reporters > jest-runtime > jest-config >
jest-environment-jsdom > jsdom

More info GHSA-f4c9-cqv8-9v98

Moderate Insufficient Granularity of Access Control in JSDom

Package jsdom

Patched in >=16.5.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > jest > jest-cli > @jest/core >
jest-runner > jest-jasmine2 > jest-runtime > jest-config >
jest-environment-jsdom > jsdom

More info GHSA-f4c9-cqv8-9v98

Moderate Insufficient Granularity of Access Control in JSDom

Package jsdom

Patched in >=16.5.0

Dependency of react-qrbtf

Path react-qrbtf > react-scripts >
jest-environment-jsdom-fourteen > jsdom

More info GHSA-f4c9-cqv8-9v98

High minimatch ReDoS vulnerability

Package minimatch

Patched in >=3.0.5

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils >
recursive-readdir > minimatch

More info GHSA-f8q6-p94x-37v3

Critical Improper Neutralization of Special Elements used in a
Command in Shell-quote

Package shell-quote

Patched in >=1.7.3

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils > shell-quote

More info GHSA-g4rg-993r-mgx7

Critical Prototype pollution in webpack loader-utils

Package loader-utils

Patched in >=1.4.1

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils > loader-utils

More info GHSA-76p3-8jx3-jpfq

Critical Prototype pollution in webpack loader-utils

Package loader-utils

Patched in >=1.4.1

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader >
adjust-sourcemap-loader > loader-utils

More info GHSA-76p3-8jx3-jpfq

Critical Prototype pollution in webpack loader-utils

Package loader-utils

Patched in >=1.4.1

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader >
loader-utils

More info GHSA-76p3-8jx3-jpfq

High loader-utils is vulnerable to Regular Expression Denial of
Service (ReDoS) via url variable

Package loader-utils

Patched in >=1.4.2

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils > loader-utils

More info GHSA-3rfm-jhwj-7488

High loader-utils is vulnerable to Regular Expression Denial of
Service (ReDoS) via url variable

Package loader-utils

Patched in >=1.4.2

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader >
adjust-sourcemap-loader > loader-utils

More info GHSA-3rfm-jhwj-7488

High loader-utils is vulnerable to Regular Expression Denial of
Service (ReDoS) via url variable

Package loader-utils

Patched in >=1.4.2

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader >
loader-utils

More info GHSA-3rfm-jhwj-7488

High loader-utils is vulnerable to Regular Expression Denial of
Service (ReDoS)

Package loader-utils

Patched in >=1.4.2

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > react-dev-utils > loader-utils

More info GHSA-hhq3-ff78-jv3g

High loader-utils is vulnerable to Regular Expression Denial of
Service (ReDoS)

Package loader-utils

Patched in >=1.4.2

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader >
adjust-sourcemap-loader > loader-utils

More info GHSA-hhq3-ff78-jv3g

High loader-utils is vulnerable to Regular Expression Denial of
Service (ReDoS)

Package loader-utils

Patched in >=1.4.2

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > resolve-url-loader >
loader-utils

More info GHSA-hhq3-ff78-jv3g

Moderate yargs-parser Vulnerable to Prototype Pollution

Package yargs-parser

Patched in >=13.1.2

Dependency of react-qrbtf

Path react-qrbtf > react-scripts > webpack-dev-server > yargs >
yargs-parser

More info GHSA-p9pc-299p-vxgp
