NODE UPDATE: Fix Available: npm audit fix --force #9

@Arique1104

6 out of 18 dependents are listed here.

  • cypress
@cypress/request  <=2.88.12
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install cypress@13.5.1, which is a breaking change
node_modules/@cypress/request
  cypress  4.3.0 - 12.17.4
  Depends on vulnerable versions of @cypress/request
  node_modules/cypress
  • apollo-server-core
apollo-server-core  <=2.26.0
Severity: moderate
Introspection in schema validation in Apollo Server - https://github.com/advisories/GHSA-w42g-7vfc-xf37
Prevent logging invalid header values - https://github.com/advisories/GHSA-j5g3-5c8r-7qfx
fix available via `npm audit fix --force`
Will install apollo-server-express@3.13.0, which is a breaking change
node_modules/apollo-server-core
  apollo-server-express  <=2.14.1
  Depends on vulnerable versions of apollo-server-core
  node_modules/apollo-server-express
  • axios
axios  0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install @bandwidth/messaging@4.1.3, which is a breaking change
node_modules/axios
node_modules/twilio/node_modules/axios
  @bandwidth/messaging  3.0.0 - 4.1.2
  Depends on vulnerable versions of axios
  node_modules/@bandwidth/messaging
  twilio  >=2.6.0
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of jsonwebtoken
  node_modules/twilio
  • degenerator
degenerator  <3.0.1
Severity: high
Code Injection in pac-resolver - https://github.com/advisories/GHSA-9j49-mfvp-vmhm
fix available via `npm audit fix --force`
Will install mailgun-js@0.6.7, which is a breaking change
node_modules/degenerator
  pac-resolver  <=4.2.0
  Depends on vulnerable versions of degenerator
  Depends on vulnerable versions of netmask
  node_modules/pac-resolver
    pac-proxy-agent  <=4.1.0
    Depends on vulnerable versions of pac-resolver
    node_modules/pac-proxy-agent
      proxy-agent  1.1.0 - 4.0.1
      Depends on vulnerable versions of pac-proxy-agent
      node_modules/proxy-agent
        mailgun-js  >=0.6.8
        Depends on vulnerable versions of proxy-agent
        node_modules/mailgun-js
  • flat
flat  <5.0.1
Severity: critical
flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm
fix available via `npm audit fix --force`
Will install json2csv@6.0.0-alpha.2, which is a breaking change
node_modules/flat
  json2csv  3.1.0 - 4.0.0-alpha.2
  Depends on vulnerable versions of flat
  node_modules/json2csv

Status: In Progress
