stack-chan/firmware$ npm audit
# npm audit report
axios 0.8.1 - 0.27.2 || 1.0.0 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/apisauce/node_modules/axios
node_modules/axios
apisauce <=3.0.0
Depends on vulnerable versions of axios
node_modules/apisauce
gluegun >=0.3.0
Depends on vulnerable versions of apisauce
Depends on vulnerable versions of ejs
Depends on vulnerable versions of lodash.trim
Depends on vulnerable versions of lodash.trimend
Depends on vulnerable versions of semver
node_modules/gluegun
xs-dev *
Depends on vulnerable versions of gluegun
node_modules/xs-dev
ejs <=3.1.9
Severity: critical
ejs template injection vulnerability - https://github.com/advisories/GHSA-phwq-j96m-2c2q
ejs lacks certain pollution protection - https://github.com/advisories/GHSA-ghr5-ch3p-vcr6
No fix available
node_modules/ejs
follow-redirects <=1.15.5
Severity: moderate
Follow Redirects improperly handles URLs in the url.parse() function- https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix`
node_modules/follow-redirects
lodash.trim *
Severity: moderate
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
No fix available
node_modules/lodash.trim
lodash.trimend *
Severity: moderate
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
fix available via `npm audit fix`
node_modules/lodash.trimend
protobufjs 7.0.0 - 7.2.4
Severity: critical
protobufjs Prototype Pollution vulnerability - https://github.com/advisories/GHSA-h755-8qp9-cq85
fix available via `npm audit fix --force`
Will install @google-cloud/[email protected], which is a breaking change
node_modules/protobufjs
google-gax 2.2.1-pre - 2.2.1-pre.2 || 2.28.2-alpha.1 - 2.28.4-alpha.1 || 3.1.4 - 4.0.3
Depends on vulnerable versions of protobufjs
Depends on vulnerable versions of protobufjs-cli
node_modules/google-gax
@google-cloud/text-to-speech 4.0.3 - 4.2.3
Depends on vulnerable versions of google-gax
node_modules/@google-cloud/text-to-speech
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
No fix available
node_modules/gluegun/node_modules/semver
node_modules/semver
taffydb *
Severity: high
TaffyDB can allow access to any data items in the DB - https://github.com/advisories/GHSA-mxhp-79qh-mcx6
fix available via `npm audit fix --force`
Will install @google-cloud/[email protected], which is a breaking change
node_modules/taffydb
jsdoc 3.2.0-dev - 3.6.11
Depends on vulnerable versions of taffydb
node_modules/jsdoc
protobufjs-cli <=1.0.2
Depends on vulnerable versions of jsdoc
node_modules/protobufjs-cli
word-wrap <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
16 vulnerabilities (9 moderate, 3 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Environment (please fill in the following items):
On GitHub
Ubuntu 22.04 (environment used for the CLI check)
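Bug summary
Security vulnerability warnings are reported.
Steps to reproduce
This can also be confirmed on the Security tab on GitHub.
Move to the stack-chan/firmware directory
Check the warnings with npm audit
Expected behavior
No security warnings are output.
Logs
Output of npm audit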