npm packages with security vulnerabilties

### Suggestion

When testing changes with npm - seeing several security vulnerabilties
Happy to break these into independent issues but didn't want to be acused of spamming
I saw the security issue type - but that seemed extreme for these problems

`npm audit`

brace-expansion  2.0.0 - 2.0.1
brace-expansion Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
fix available via `npm audit fix`                       
node_modules/brace-expansion

cross-spawn  7.0.0 - 7.0.4
Severity: high       
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
fix available via `npm audit fix`
node_modules/cross-spawn       

qs  6.9.0 - 6.9.6
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/qs

robots-txt-guard  <1.0.2
Severity: high
robots-txt-guard Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-6g33-8w2q-4hxv
fix available via `npm audit fix --force`
Will install broken-link-checker@0.6.7, which is a breaking change
node_modules/robots-txt-guard
  broken-link-checker  >=0.5.0
  Depends on vulnerable versions of bhttp
  Depends on vulnerable versions of robot-directives
  Depends on vulnerable versions of robots-txt-guard
  node_modules/broken-link-checker

semver  <5.7.2
Severity: high
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/semver

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix --force`
Will install broken-link-checker@0.6.7, which is a breaking change
node_modules/tough-cookie
  bhttp  *
  Depends on vulnerable versions of tough-cookie
  node_modules/bhttp

useragent  *
Severity: moderate
useragent Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-mgfv-m47x-4wqp
fix available via `npm audit fix`
node_modules/useragent
  robot-directives  >=0.3.0
  Depends on vulnerable versions of useragent
  node_modules/robot-directives


### Links

_No response_

### Are you interested in contributing to this improvement?

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

npm packages with security vulnerabilties #8205

Suggestion

Links

Are you interested in contributing to this improvement?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

npm packages with security vulnerabilties #8205

Description

Suggestion

Links

Are you interested in contributing to this improvement?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions