Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm audit found vulnerabilities #41

Closed
github-actions bot opened this issue Jan 25, 2022 · 1 comment
Closed

npm audit found vulnerabilities #41

github-actions bot opened this issue Jan 25, 2022 · 1 comment
Labels
test vulnerability

Comments

@github-actions
Copy link 

# npm audit report

nanoid  <3.1.31
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid

node-fetch  <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix --force`
Will install next@10.0.1, which is a breaking change
node_modules/node-fetch
  next  9.0.6-canary.0 - 9.3.4-canary.0 || 10.0.2-canary.0 - 12.0.8
  Depends on vulnerable versions of node-fetch
  node_modules/next
    eslint-config-next  >=10.2.1-canary.2
    Depends on vulnerable versions of next
    node_modules/eslint-config-next

4 vulnerabilities (1 moderate, 3 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
@github-actions
Copy link
Author 

# npm audit report

nanoid  <3.1.31
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid

node-fetch  <2.6.7
Severity: high
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/node-fetch
  next  9.0.6-canary.0 - 9.3.4-canary.0 || 10.0.2-canary.0 - 12.0.8
  Depends on vulnerable versions of node-fetch
  node_modules/next

3 vulnerabilities (1 moderate, 2 high)

To address all issues, run:
  npm audit fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
test vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Ovler-Young