Security vulnerabilities

[pinguinooo]

how do i fix this?

=== npm audit security report ===

                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance

Low Prototype Pollution

Package minimist

Patched in >=0.2.1 <1.0.0 || >=1.2.3

Dependency of node-static

Path node-static > optimist > minimist

More info https://npmjs.com/advisories/1179

Low Prototype Pollution

Package minimist

Patched in >=0.2.1 <1.0.0 || >=1.2.3

Dependency of soundcloud

Path soundcloud > node-static > optimist > minimist

More info https://npmjs.com/advisories/1179

Low Unauthorized File Access

Package node-static

Patched in No patch available

Dependency of node-static

Path node-static

More info https://npmjs.com/advisories/1206

Low Unauthorized File Access

Package node-static

Patched in No patch available

Dependency of soundcloud

Path soundcloud > node-static

More info https://npmjs.com/advisories/1206

Low Open Redirect

Package node-static

Patched in No patch available

Dependency of node-static

Path node-static

More info https://npmjs.com/advisories/1207

Low Open Redirect

Package node-static

Patched in No patch available

Dependency of soundcloud

Path soundcloud > node-static

More info https://npmjs.com/advisories/1207

High Denial of Service

Package node-static

Patched in No patch available

Dependency of node-static

Path node-static

More info https://npmjs.com/advisories/1208

High Denial of Service

Package node-static

Patched in No patch available

Dependency of soundcloud

Path soundcloud > node-static

More info https://npmjs.com/advisories/1208

[brettz9]

Note that https://www.npmjs.com/advisories/1206 and https://www.npmjs.com/advisories/1207 are within node-static itself and not just its dependencies (also https://www.npmjs.com/advisories/1208 , but that has PR #213).

[brettz9]

Regarding npm advisory 1206-1208 per the change log:

• Security fix?: The Unauthorized File Access issue
  https://www.npmjs.com/advisories/1206 does not appear to be an issue
  per testing (if it ever was); if you can provide a test case where it
  fails, please report
• Security Update/fix: Use URL constructor over deprecated url.parse;
  should fix Open Redirect issue https://www.npmjs.com/advisories/1207
• Security Update/fix: Protect fs.stat calls from bad path arguments; fixes
  Denial of Service issue https://www.npmjs.com/advisories/1208
  (@brpvieira)

Re: https://npmjs.com/advisories/1179 , this should now be fixed due to our no longer relying on optimist/minimist.

Closing as the underlying issues appear to be resolved, but feel free to report again if any issues remain (though the new version has not yet been released).