@jasonvarga jasonvarga commented Jan 22, 2026

Fixes the following output from `npm audit` by running `npm audit fix`:

```
lodash-es  4.0.0 - 4.17.22
Severity: moderate
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
fix available via `npm audit fix`
node_modules/lodash-es

qs  <6.14.1
Severity: high
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion - https://github.com/advisories/GHSA-6rw7-vpxm-498p
fix available via `npm audit fix`
node_modules/qs

tar  <=7.5.3
Severity: high
node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization - https://github.com/advisories/GHSA-8qq5-rm4j-mr97
Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS - https://github.com/advisories/GHSA-r6q2-hw4h-h46w
fix available via `npm audit fix`
node_modules/tar
```

@jasonvarga jasonvarga merged commit e64e9a2 into master Jan 22, 2026
13 checks passed
@jasonvarga jasonvarga deleted the npm-audit-fix branch January 22, 2026 15:35