Latest development branch version and latest release v2.2.0 contain multiple vulnerabilities.
npm audit output:
# npm audit report
ansi-regex >2.1.1 <5.0.1
Severity: moderate
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/npm/node_modules/cliui/node_modules/ansi-regex
node_modules/npm/node_modules/string-width/node_modules/ansi-regex
node_modules/npm/node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/npm/node_modules/yargs/node_modules/ansi-regex
strip-ansi 4.0.0 - 5.2.0
Depends on vulnerable versions of ansi-regex
node_modules/npm/node_modules/cliui/node_modules/strip-ansi
node_modules/npm/node_modules/string-width/node_modules/strip-ansi
node_modules/npm/node_modules/wrap-ansi/node_modules/strip-ansi
node_modules/npm/node_modules/yargs/node_modules/strip-ansi
cliui 4.0.0 - 5.0.0
Depends on vulnerable versions of strip-ansi
Depends on vulnerable versions of wrap-ansi
node_modules/npm/node_modules/cliui
yargs 10.1.0 - 15.0.0
Depends on vulnerable versions of cliui
Depends on vulnerable versions of string-width
node_modules/npm/node_modules/yargs
libnpx >=10.0.0
Depends on vulnerable versions of yargs
node_modules/npm/node_modules/libnpx
npm <=7.1.0 || 7.21.0 - 8.5.4
Depends on vulnerable versions of cli-table3
Depends on vulnerable versions of hosted-git-info
Depends on vulnerable versions of ini
Depends on vulnerable versions of libnpx
Depends on vulnerable versions of npm-audit-report
Depends on vulnerable versions of ssri
Depends on vulnerable versions of tar
node_modules/npm
string-width 2.1.0 - 4.1.0
Depends on vulnerable versions of strip-ansi
node_modules/npm/node_modules/cliui/node_modules/string-width
node_modules/npm/node_modules/string-width
node_modules/npm/node_modules/wrap-ansi/node_modules/string-width
node_modules/npm/node_modules/yargs/node_modules/string-width
cli-table3 0.5.0 - 0.5.1
Depends on vulnerable versions of string-width
node_modules/npm/node_modules/cli-table3
npm-audit-report 1.3.1 - 1.3.3
Depends on vulnerable versions of cli-table3
node_modules/npm/node_modules/npm-audit-report
widest-line 2.0.0 - 2.0.1
Depends on vulnerable versions of string-width
node_modules/npm/node_modules/widest-line
boxen 1.3.0 - 3.2.0
Depends on vulnerable versions of widest-line
node_modules/npm/node_modules/boxen
wrap-ansi 3.0.0 - 6.1.0
Depends on vulnerable versions of string-width
Depends on vulnerable versions of strip-ansi
node_modules/npm/node_modules/wrap-ansi
hosted-git-info <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/npm/node_modules/hosted-git-info
npm <=7.1.0 || 7.21.0 - 8.5.4
Depends on vulnerable versions of cli-table3
Depends on vulnerable versions of hosted-git-info
Depends on vulnerable versions of ini
Depends on vulnerable versions of libnpx
Depends on vulnerable versions of npm-audit-report
Depends on vulnerable versions of ssri
Depends on vulnerable versions of tar
node_modules/npm
ini <1.3.6
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-qqgx-2p2h-9c37
fix available via `npm audit fix`
node_modules/npm/node_modules/ini
npm <=7.1.0 || 7.21.0 - 8.5.4
Depends on vulnerable versions of cli-table3
Depends on vulnerable versions of hosted-git-info
Depends on vulnerable versions of ini
Depends on vulnerable versions of libnpx
Depends on vulnerable versions of npm-audit-report
Depends on vulnerable versions of ssri
Depends on vulnerable versions of tar
node_modules/npm
json-bigint <1.0.0
Severity: high
Uncontrolled Resource Consumption in json-bigint - https://github.com/advisories/GHSA-wgfq-7857-4jcc
fix available via `npm audit fix --force`
Will install googleapis@98.0.0, which is a breaking change
node_modules/json-bigint
gcp-metadata 0.8.0 - 4.1.0
Depends on vulnerable versions of json-bigint
node_modules/gcp-metadata
google-auth-library 0.9.4 - 5.10.1
Depends on vulnerable versions of gcp-metadata
Depends on vulnerable versions of gtoken
node_modules/google-auth-library
googleapis 37.0.0-webpack - 48.0.0
Depends on vulnerable versions of google-auth-library
node_modules/googleapis
googleapis-common 0.5.0-webpack - 0.5.0-webpack3 || 0.6.0-webpack - 3.2.2
Depends on vulnerable versions of google-auth-library
node_modules/googleapis-common
json-schema <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/npm/node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/npm/node_modules/jsprim
minimist <=1.2.5
Severity: high
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/npm/node_modules/minimist
node_modules/npm/node_modules/mkdirp/node_modules/minimist
node-forge <=1.2.1
Severity: moderate
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Prototype Pollution in node-forge util.setPath API - https://github.com/advisories/GHSA-wxgw-qj99-44c2
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
fix available via `npm audit fix --force`
Will install googleapis@98.0.0, which is a breaking change
node_modules/node-forge
google-p12-pem <=3.1.2
Depends on vulnerable versions of node-forge
node_modules/google-p12-pem
gtoken <=5.0.0
Depends on vulnerable versions of google-p12-pem
node_modules/gtoken
google-auth-library 0.9.4 - 5.10.1
Depends on vulnerable versions of gcp-metadata
Depends on vulnerable versions of gtoken
node_modules/google-auth-library
googleapis 37.0.0-webpack - 48.0.0
Depends on vulnerable versions of google-auth-library
node_modules/googleapis
googleapis-common 0.5.0-webpack - 0.5.0-webpack3 || 0.6.0-webpack - 3.2.2
Depends on vulnerable versions of google-auth-library
node_modules/googleapis-common
path-parse <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/npm/node_modules/path-parse
ssri 5.2.2 - 6.0.1
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix`
node_modules/npm/node_modules/ssri
npm <=7.1.0 || 7.21.0 - 8.5.4
Depends on vulnerable versions of cli-table3
Depends on vulnerable versions of hosted-git-info
Depends on vulnerable versions of ini
Depends on vulnerable versions of libnpx
Depends on vulnerable versions of npm-audit-report
Depends on vulnerable versions of ssri
Depends on vulnerable versions of tar
node_modules/npm
tar <=4.4.17
Severity: high
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw
fix available via `npm audit fix`
node_modules/npm/node_modules/tar
npm <=7.1.0 || 7.21.0 - 8.5.4
Depends on vulnerable versions of cli-table3
Depends on vulnerable versions of hosted-git-info
Depends on vulnerable versions of ini
Depends on vulnerable versions of libnpx
Depends on vulnerable versions of npm-audit-report
Depends on vulnerable versions of ssri
Depends on vulnerable versions of tar
node_modules/npm
y18n 4.0.0
Severity: high
Prototype Pollution - https://github.com/advisories/GHSA-c4w7-xm78-47vh
fix available via `npm audit fix`
node_modules/npm/node_modules/y18n
29 vulnerabilities (18 moderate, 11 high)