New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lalaps Dashboard #20

Open

lalaps bot opened this issue Jan 22, 2022 · 0 comments

Contributor

lalaps bot commented Jan 22, 2022 •

edited

Loading

This issue provides visibility into Lalaps updates and their statuses.

npm

decode-uri-component vulnerable to Denial of Service (DoS)
Library: decode-uri-component
Affected versions: <=0.2.0
Severity: low
Root Libraries:

❌ danger
✔️ semantic-release-telegram Chore: fixes some npm audit vulnerabilities #58 Chore: fixes some npm audit vulnerabilities #52

minimatch ReDoS vulnerability
Library: minimatch
Affected versions: <3.0.5
Severity: high
✔️ #58
✔️ #52
Root Libraries:

✔️ mocha Chore: fixes some npm audit vulnerabilities #58 Chore: fixes some npm audit vulnerabilities #52

Authorization Bypass in parse-path
Library: parse-path
Affected versions: <5.0.0
Severity: high
✔️ #58
✔️ #52
Root Libraries:

✔️ semantic-release-telegram Chore: fixes some npm audit vulnerabilities #58 Chore: fixes some npm audit vulnerabilities #52

parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
Library: parse-url
Affected versions: <8.1.0
Severity: moderate
✔️ #58
✔️ #52
Root Libraries:

✔️ semantic-release-telegram Chore: fixes some npm audit vulnerabilities #58 Chore: fixes some npm audit vulnerabilities #52

Last Updated: 01 Dec 2022, at 01:10 UTC

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment