You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$ npm ci
added 614 packages, and audited 615 packages in 11s
96 packages are looking for funding
run `npm fund` for details
5 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
$ npm audit
# npm audit report
json5 <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix --force`
Will install eslint-plugin-import@2.24.1, which is a breaking change
node_modules/json5
node_modules/tsconfig-paths/node_modules/json5
tsconfig-paths 3.5.0 - 3.9.0 || 3.11.0 - 3.14.1
Depends on vulnerable versions of json5
node_modules/tsconfig-paths
eslint-plugin-import >=2.24.2
Depends on vulnerable versions of tsconfig-paths
node_modules/eslint-plugin-import
eslint-config-airbnb-base >=15.0.0
Depends on vulnerable versions of eslint-plugin-import
node_modules/eslint-config-airbnb-base
eslint-config-airbnb-typescript >=16.0.0
Depends on vulnerable versions of eslint-config-airbnb-base
Depends on vulnerable versions of eslint-plugin-import
node_modules/eslint-config-airbnb-typescript
5 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
The text was updated successfully, but these errors were encountered:
This update attempt was spurred by an alleged json5 vulnerability.
It is a dev dependency and therefore should not be included in
production code and therefore should not affect deployed instances of
the software.
See import-js/eslint-plugin-import#2447 (comment)
Issue #190 `npm ci` reports vulnerabilities...
This update attempt was spurred by an alleged json5 vulnerability.
It is a dev dependency and therefore should not be included in
production code and therefore should not affect deployed instances of
the software.
This commit includes an update to json5 v1 which should be compatible
with eslint plugin and removes the vulnerability.
See import-js/eslint-plugin-import#2447 (comment)
See json5/json5#298
Issue #190 `npm ci` reports vulnerabilities...
The text was updated successfully, but these errors were encountered: