You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Aug 23, 2023. It is now read-only.
At npm i
added 1 package, removed 89 packages
20 vulnerabilities (9 low, 5 moderate, 6 high)
And npm audit fix --force can't fix 5 of the high severity ones.
npm audit details after --force:
# npm audit report
axios <0.21.1
Severity: high
Server-Side Request Forgery - https://npmjs.com/advisories/1594
fix available via `npm audit fix`
node_modules/axios
gatsby 2.10.1-resource-loading.10 - 2.10.1-structured-logs-test.128 || 2.13.37-cors-options.396 || 2.13.58 - 3.0.0-next.4
Depends on vulnerable versions of axios
Depends on vulnerable versions of terser-webpack-plugin
node_modules/gatsby
immer <8.0.1
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1603
fix available via `npm audit fix`
node_modules/immer
@builder.io/react >=0.1.20
Depends on vulnerable versions of create-react-context
Depends on vulnerable versions of immer
node_modules/@builder.io/react
node_modules/@builder.io/widgets/node_modules/@builder.io/react
@builder.io/widgets *
Depends on vulnerable versions of @builder.io/react
Depends on vulnerable versions of immer
node_modules/@builder.io/widgets
node-fetch <=2.6.0 || 3.0.0-beta.1 - 3.0.0-beta.8
Denial of Service - https://npmjs.com/advisories/1556
No fix available
node_modules/node-fetch
@builder.io/gatsby *
Depends on vulnerable versions of node-fetch
node_modules/@builder.io/gatsby
isomorphic-fetch 2.0.0 - 2.2.1
Depends on vulnerable versions of node-fetch
node_modules/isomorphic-fetch
fbjs 0.7.0 - 1.0.0
Depends on vulnerable versions of isomorphic-fetch
node_modules/fbjs
create-react-context 0.2.0 - 0.2.3
Depends on vulnerable versions of fbjs
node_modules/create-react-context
@builder.io/react >=0.1.20
Depends on vulnerable versions of create-react-context
Depends on vulnerable versions of immer
node_modules/@builder.io/react
node_modules/@builder.io/widgets/node_modules/@builder.io/react
@builder.io/widgets *
Depends on vulnerable versions of @builder.io/react
Depends on vulnerable versions of immer
node_modules/@builder.io/widgets
ssri 5.2.2 - 6.0.1 || 7.0.0 - 8.0.0
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/565
fix available via `npm audit fix`
node_modules/ssri
cacache 10.0.4 - 11.0.0 || 13.0.0 - 14.0.0
Depends on vulnerable versions of ssri
node_modules/cacache
terser-webpack-plugin 2.1.1 - 2.3.8
Depends on vulnerable versions of cacache
node_modules/terser-webpack-plugin
gatsby 2.10.1-resource-loading.10 - 2.10.1-structured-logs-test.128 || 2.13.37-cors-options.396 || 2.13.58 - 3.0.0-next.4
Depends on vulnerable versions of axios
Depends on vulnerable versions of terser-webpack-plugin
node_modules/gatsby
13 vulnerabilities (5 low, 3 moderate, 5 high)
I know, maintaining a nodejs project is such a pain.
Good luck!
The text was updated successfully, but these errors were encountered:
Hello,
At
npm i
added 1 package, removed 89 packages
20 vulnerabilities (9 low, 5 moderate, 6 high)
And
npm audit fix --force
can't fix 5 of the high severity ones.npm audit
details after --force:I know, maintaining a nodejs project is such a pain.
Good luck!
The text was updated successfully, but these errors were encountered: