yarn-audit-known-issues
{"value":"abab","children":{"ID":"abab (deprecation)","Issue":"Use your platform's native atob() and btoa() methods instead","Severity":"moderate","Vulnerable Versions":"2.0.6","Tree Versions":["2.0.6"],"Dependents":["jsdom@virtual:ce56289c4b7a2e9003d709997e253c1c80dcaee4c6fbe440cbe9ba5de5db8af3a7b7ad41bbdec5a5e3d40dc9c3c54bef92dd6885ff84cd436d636d5a1b380a61#npm:20.0.3"]}}
{"value":"are-we-there-yet","children":{"ID":"are-we-there-yet (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"3.0.1","Tree Versions":["3.0.1"],"Dependents":["npmlog@npm:6.0.2"]}}
{"value":"body-parser","children":{"ID":1099520,"Issue":"body-parser vulnerable to denial of service when url encoding is enabled","URL":"https://github.com/advisories/GHSA-qwcr-r2fm-qrc7","Severity":"high","Vulnerable Versions":"<1.20.3","Tree Versions":["1.20.1","1.20.2"],"Dependents":["express@npm:4.18.2","json-server@npm:0.15.1"]}}
{"value":"braces","children":{"ID":1098094,"Issue":"Uncontrolled resource consumption in braces","URL":"https://github.com/advisories/GHSA-grv7-fg5c-xmjg","Severity":"high","Vulnerable Versions":"<3.0.3","Tree Versions":["2.3.2"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}}
{"value":"cookie","children":{"ID":1099846,"Issue":"cookie accepts cookie name, path, and domain with out of bounds characters","URL":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x","Severity":"low","Vulnerable Versions":"<0.7.0","Tree Versions":["0.5.0"],"Dependents":["express@npm:4.18.2"]}}
{"value":"copy-concurrently","children":{"ID":"copy-concurrently (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.5","Tree Versions":["1.0.5"],"Dependents":["move-concurrently@npm:1.0.1"]}}
{"value":"core-js","children":{"ID":"core-js (deprecation)","Issue":"core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.","Severity":"moderate","Vulnerable Versions":"1.2.7","Tree Versions":["1.2.7"],"Dependents":["fbjs@npm:0.8.18"]}}
{"value":"domexception","children":{"ID":"domexception (deprecation)","Issue":"Use your platform's native DOMException instead","Severity":"moderate","Vulnerable Versions":"4.0.0","Tree Versions":["4.0.0"],"Dependents":["jsdom@virtual:ce56289c4b7a2e9003d709997e253c1c80dcaee4c6fbe440cbe9ba5de5db8af3a7b7ad41bbdec5a5e3d40dc9c3c54bef92dd6885ff84cd436d636d5a1b380a61#npm:20.0.3"]}}
{"value":"express","children":{"ID":1096820,"Issue":"Express.js Open Redirect in malformed URLs","URL":"https://github.com/advisories/GHSA-rv95-896h-c2vc","Severity":"moderate","Vulnerable Versions":"<4.19.2","Tree Versions":["4.18.2"],"Dependents":["json-server@npm:0.15.1"]}}
{"value":"express","children":{"ID":1099529,"Issue":"express vulnerable to XSS via response.redirect()","URL":"https://github.com/advisories/GHSA-qw6h-vgh9-j6wx","Severity":"moderate","Vulnerable Versions":"<4.20.0","Tree Versions":["4.18.2"],"Dependents":["json-server@npm:0.15.1"]}}
{"value":"figgy-pudding","children":{"ID":"figgy-pudding (deprecation)","Issue":"This module is no longer supported.","Severity":"moderate","Vulnerable Versions":"3.5.2","Tree Versions":["3.5.2"],"Dependents":["npm-registry-fetch@npm:4.0.7"]}}
{"value":"fs-write-stream-atomic","children":{"ID":"fs-write-stream-atomic (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.10","Tree Versions":["1.0.10"],"Dependents":["move-concurrently@npm:1.0.1"]}}
{"value":"gauge","children":{"ID":"gauge (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"4.0.4","Tree Versions":["4.0.4"],"Dependents":["npmlog@npm:6.0.2"]}}
{"value":"glob","children":{"ID":"glob (deprecation)","Issue":"Glob versions prior to v9 are no longer supported","Severity":"moderate","Vulnerable Versions":"7.2.3","Tree Versions":["7.2.3"],"Dependents":["cacache@npm:12.0.4"]}}
{"value":"got","children":{"ID":1088948,"Issue":"Got allows a redirect to a UNIX socket","URL":"https://github.com/advisories/GHSA-pfrx-2q88-qq97","Severity":"moderate","Vulnerable Versions":"<11.8.5","Tree Versions":["9.6.0"],"Dependents":["package-json@npm:6.5.0"]}}
{"value":"har-validator","children":{"ID":"har-validator (deprecation)","Issue":"this library is no longer supported","Severity":"moderate","Vulnerable Versions":"5.1.5","Tree Versions":["5.1.5"],"Dependents":["request@npm:2.88.2"]}}
{"value":"http-cache-semantics","children":{"ID":1092316,"Issue":"http-cache-semantics vulnerable to Regular Expression Denial of Service","URL":"https://github.com/advisories/GHSA-rc47-6667-2j5j","Severity":"high","Vulnerable Versions":"<4.1.1","Tree Versions":["3.8.1"],"Dependents":["make-fetch-happen@npm:5.0.2"]}}
{"value":"inflight","children":{"ID":"inflight (deprecation)","Issue":"This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.","Severity":"moderate","Vulnerable Versions":"1.0.6","Tree Versions":["1.0.6"],"Dependents":["glob@npm:7.2.3"]}}
{"value":"ip","children":{"ID":1097720,"Issue":"NPM IP package incorrectly identifies some private IP addresses as public","URL":"https://github.com/advisories/GHSA-78xj-cgh5-2h22","Severity":"low","Vulnerable Versions":"<1.1.9","Tree Versions":["1.1.5"],"Dependents":["socks@npm:2.3.3"]}}
{"value":"ip","children":{"ID":1097721,"Issue":"NPM IP package incorrectly identifies some private IP addresses as public","URL":"https://github.com/advisories/GHSA-78xj-cgh5-2h22","Severity":"low","Vulnerable Versions":"=2.0.0","Tree Versions":["2.0.0"],"Dependents":["socks@npm:2.7.1"]}}
{"value":"ip","children":{"ID":1099357,"Issue":"ip SSRF improper categorization in isPublic","URL":"https://github.com/advisories/GHSA-2p57-rm9w-gvfp","Severity":"high","Vulnerable Versions":"<=2.0.1","Tree Versions":["1.1.5","2.0.0"],"Dependents":["socks@npm:2.3.3","socks@npm:2.7.1"]}}
{"value":"is-accessor-descriptor","children":{"ID":"is-accessor-descriptor (deprecation)","Issue":"Please upgrade to v0.1.7","Severity":"moderate","Vulnerable Versions":"0.1.6","Tree Versions":["0.1.6"],"Dependents":["is-descriptor@npm:0.1.6"]}}
{"value":"is-data-descriptor","children":{"ID":"is-data-descriptor (deprecation)","Issue":"Please upgrade to v0.1.5","Severity":"moderate","Vulnerable Versions":"0.1.4","Tree Versions":["0.1.4"],"Dependents":["is-descriptor@npm:0.1.6"]}}
{"value":"marked","children":{"ID":1095051,"Issue":"Inefficient Regular Expression Complexity in marked","URL":"https://github.com/advisories/GHSA-rrrm-qjm4-v8hf","Severity":"high","Vulnerable Versions":"<4.0.10","Tree Versions":["0.7.0"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}}
{"value":"marked","children":{"ID":1095052,"Issue":"Inefficient Regular Expression Complexity in marked","URL":"https://github.com/advisories/GHSA-5v2h-r2cx-5xgj","Severity":"high","Vulnerable Versions":"<4.0.10","Tree Versions":["0.7.0"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}}
{"value":"mermaid","children":{"ID":1100231,"Issue":"Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify","URL":"https://github.com/advisories/GHSA-m4gq-x24j-jpmf","Severity":"high","Vulnerable Versions":"<=10.9.2","Tree Versions":["10.9.1"],"Dependents":["ngx-markdown@virtual:6ff8c2a3aef81417d9f60600e3255d97c9c6c863d8733a87ed99d869392767523e0e28c07db1eb2a034bc9265813386132447698258584d621a7fd0e13d93585#npm:17.2.1"]}}
{"value":"micromatch","children":{"ID":1098681,"Issue":"Regular Expression Denial of Service (ReDoS) in micromatch","URL":"https://github.com/advisories/GHSA-952p-6rrq-rcjv","Severity":"moderate","Vulnerable Versions":"<4.0.8","Tree Versions":["4.0.5"],"Dependents":["fast-glob@npm:3.3.2"]}}
{"value":"move-concurrently","children":{"ID":"move-concurrently (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.1","Tree Versions":["1.0.1"],"Dependents":["cacache@npm:12.0.4"]}}
{"value":"node-fetch-npm","children":{"ID":"node-fetch-npm (deprecation)","Issue":"This module is not used anymore, npm uses minipass-fetch for its fetch implementation now","Severity":"moderate","Vulnerable Versions":"2.0.4","Tree Versions":["2.0.4"],"Dependents":["make-fetch-happen@npm:5.0.2"]}}
{"value":"npmlog","children":{"ID":"npmlog (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"6.0.2","Tree Versions":["6.0.2"],"Dependents":["node-gyp@npm:9.4.0"]}}
{"value":"osenv","children":{"ID":"osenv (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"0.1.5","Tree Versions":["0.1.5"],"Dependents":["npm-package-arg@npm:6.1.1"]}}
{"value":"path-to-regexp","children":{"ID":1099561,"Issue":"path-to-regexp outputs backtracking regular expressions","URL":"https://github.com/advisories/GHSA-9wv6-86v2-598j","Severity":"high","Vulnerable Versions":">=0.2.0 <1.9.0","Tree Versions":["1.8.0"],"Dependents":["express-urlrewrite@npm:1.4.0"]}}
{"value":"path-to-regexp","children":{"ID":1099562,"Issue":"path-to-regexp outputs backtracking regular expressions","URL":"https://github.com/advisories/GHSA-9wv6-86v2-598j","Severity":"high","Vulnerable Versions":"<0.1.10","Tree Versions":["0.1.7"],"Dependents":["express@npm:4.18.2"]}}
{"value":"prismjs","children":{"ID":1089189,"Issue":"prismjs Regular Expression Denial of Service vulnerability","URL":"https://github.com/advisories/GHSA-hqhp-5p83-hx96","Severity":"moderate","Vulnerable Versions":"<1.25.0","Tree Versions":["1.24.1"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}}
{"value":"prismjs","children":{"ID":1090424,"Issue":"Cross-site Scripting in Prism","URL":"https://github.com/advisories/GHSA-3949-f494-cm99","Severity":"high","Vulnerable Versions":">=1.14.0 <1.27.0","Tree Versions":["1.24.1"],"Dependents":["@hmcts/ccd-case-ui-toolkit@workspace:."]}}
{"value":"request","children":{"ID":1096727,"Issue":"Server-Side Request Forgery in Request","URL":"https://github.com/advisories/GHSA-p8p7-x288-28g6","Severity":"moderate","Vulnerable Versions":"<=2.88.2","Tree Versions":["2.88.2"],"Dependents":["json-server@npm:0.15.1"]}}
{"value":"resolve-url","children":{"ID":"resolve-url (deprecation)","Issue":"https://github.com/lydell/resolve-url#deprecated","Severity":"moderate","Vulnerable Versions":"0.2.1","Tree Versions":["0.2.1"],"Dependents":["source-map-resolve@npm:0.5.3"]}}
{"value":"rimraf","children":{"ID":"rimraf (deprecation)","Issue":"Rimraf versions prior to v4 are no longer supported","Severity":"moderate","Vulnerable Versions":"3.0.2","Tree Versions":["3.0.2"],"Dependents":["@mapbox/node-pre-gyp@npm:1.0.11"]}}
{"value":"send","children":{"ID":1099525,"Issue":"send vulnerable to template injection that can lead to XSS","URL":"https://github.com/advisories/GHSA-m6fv-jmcg-4jfg","Severity":"moderate","Vulnerable Versions":"<0.19.0","Tree Versions":["0.18.0"],"Dependents":["express@npm:4.18.2"]}}
{"value":"serve-static","children":{"ID":1099527,"Issue":"serve-static vulnerable to template injection that can lead to XSS","URL":"https://github.com/advisories/GHSA-cm22-4g7w-348p","Severity":"moderate","Vulnerable Versions":"<1.16.0","Tree Versions":["1.15.0"],"Dependents":["express@npm:4.18.2"]}}
{"value":"socket.io-parser","children":{"ID":1098329,"Issue":"Insufficient validation when decoding a Socket.IO packet","URL":"https://github.com/advisories/GHSA-cqmj-92xf-r6r9","Severity":"high","Vulnerable Versions":">=4.0.4 <4.2.3","Tree Versions":["4.0.5"],"Dependents":["socket.io-client@npm:3.1.3"]}}
{"value":"source-map-resolve","children":{"ID":"source-map-resolve (deprecation)","Issue":"See https://github.com/lydell/source-map-resolve#deprecated","Severity":"moderate","Vulnerable Versions":"0.5.3","Tree Versions":["0.5.3"],"Dependents":["snapdragon@npm:0.8.2"]}}
{"value":"source-map-url","children":{"ID":"source-map-url (deprecation)","Issue":"See https://github.com/lydell/source-map-url#deprecated","Severity":"moderate","Vulnerable Versions":"0.4.1","Tree Versions":["0.4.1"],"Dependents":["source-map-resolve@npm:0.5.3"]}}
{"value":"tar","children":{"ID":1097493,"Issue":"Denial of service while parsing a tar file due to lack of folders count validation","URL":"https://github.com/advisories/GHSA-f5x3-32g6-xq36","Severity":"moderate","Vulnerable Versions":"<6.2.1","Tree Versions":["6.1.15"],"Dependents":["@mapbox/node-pre-gyp@npm:1.0.11"]}}
{"value":"tough-cookie","children":{"ID":1097682,"Issue":"tough-cookie Prototype Pollution vulnerability","URL":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3","Severity":"moderate","Vulnerable Versions":"<4.1.3","Tree Versions":["2.5.0"],"Dependents":["request@npm:2.88.2"]}}
{"value":"urix","children":{"ID":"urix (deprecation)","Issue":"Please see https://github.com/lydell/urix#deprecated","Severity":"moderate","Vulnerable Versions":"0.1.0","Tree Versions":["0.1.0"],"Dependents":["source-map-resolve@npm:0.5.3"]}}
{"value":"uuid","children":{"ID":"uuid (deprecation)","Issue":"Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.","Severity":"moderate","Vulnerable Versions":"3.4.0","Tree Versions":["3.4.0"],"Dependents":["@hmcts/media-viewer@virtual:6ff8c2a3aef81417d9f60600e3255d97c9c6c863d8733a87ed99d869392767523e0e28c07db1eb2a034bc9265813386132447698258584d621a7fd0e13d93585#npm:4.0.8"]}}
{"value":"ws","children":{"ID":1098393,"Issue":"ws affected by a DoS when handling a request with many HTTP headers","URL":"https://github.com/advisories/GHSA-3h5v-q93c-6h6q","Severity":"high","Vulnerable Versions":">=7.0.0 <7.5.10","Tree Versions":["7.4.6"],"Dependents":["engine.io-client@npm:4.1.4"]}}