npm audit found vulnerabilities

Question

npm audit found vulnerabilities

github-actions opened this issue 2 years ago · comments

# npm audit report

minimist  <=1.2.5
Severity: high
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 1 · Tue Mar 29 2022 21:20:49 GMT+0800 (China Standard Time)

# npm audit report

minimist  <=1.2.5
Severity: high
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 2 · Fri Apr 01 2022 21:27:11 GMT+0800 (China Standard Time)

# npm audit report

minimist  <=1.2.5
Severity: high
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 3 · Fri Apr 08 2022 21:24:15 GMT+0800 (China Standard Time)

# npm audit report

minimist  <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist

1 critical severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 4 · Fri Apr 15 2022 21:19:29 GMT+0800 (China Standard Time)

# npm audit report

minimist  <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist

1 critical severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 5 · Wed Jun 22 2022 21:30:48 GMT+0800 (China Standard Time)

# npm audit report

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install nodemon@1.3.3, which is a breaking change
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  >=0.2.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier
        nodemon  >=1.3.5
        Depends on vulnerable versions of update-notifier
        node_modules/nodemon

5 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

github-actions · Answer 6 · Wed Jun 29 2022 21:31:10 GMT+0800 (China Standard Time)

# npm audit report

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install nodemon@1.3.3, which is a breaking change
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier
        nodemon  >=1.3.5
        Depends on vulnerable versions of update-notifier
        node_modules/nodemon

5 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

github-actions · Answer 7 · Fri Jul 01 2022 21:32:43 GMT+0800 (China Standard Time)

# npm audit report

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install nodemon@1.3.3, which is a breaking change
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier
        nodemon  >=1.3.5
        Depends on vulnerable versions of update-notifier
        node_modules/nodemon

5 moderate severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

github-actions · Answer 8 · Sat Oct 22 2022 21:35:22 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 9 · Sat Oct 29 2022 21:25:46 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 10 · Tue Nov 01 2022 21:41:37 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 11 · Tue Nov 08 2022 21:36:52 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 12 · Tue Nov 15 2022 21:29:57 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 13 · Tue Nov 22 2022 21:26:07 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 14 · Tue Nov 29 2022 21:21:32 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 15 · Thu Dec 01 2022 21:28:26 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 16 · Thu Dec 08 2022 21:17:33 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 17 · Thu Dec 15 2022 21:18:32 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 18 · Thu Dec 22 2022 21:15:33 GMT+0800 (China Standard Time)

# npm audit report

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

1 high severity vulnerability

To address all issues, run:
  npm audit fix

github-actions · Answer 19 · Thu Dec 29 2022 21:13:26 GMT+0800 (China Standard Time)

# npm audit report

json5  <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 20 · Sun Jan 01 2023 21:12:01 GMT+0800 (China Standard Time)

# npm audit report

json5  <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 21 · Sun Jan 08 2023 21:12:17 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 22 · Sun Jan 15 2023 21:12:03 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 23 · Sun Jan 22 2023 21:12:20 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 24 · Sun Jan 29 2023 21:12:00 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 25 · Wed Feb 01 2023 21:17:42 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 26 · Wed Feb 08 2023 21:17:43 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 27 · Wed Feb 15 2023 21:19:38 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 28 · Wed Feb 22 2023 21:19:17 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 29 · Wed Mar 01 2023 21:19:56 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 30 · Wed Mar 08 2023 21:19:28 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 31 · Wed Mar 15 2023 21:17:35 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 32 · Wed Mar 22 2023 21:13:57 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 33 · Wed Mar 29 2023 21:17:29 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 34 · Sat Apr 01 2023 21:09:00 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 35 · Sat Apr 08 2023 21:08:48 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 36 · Sat Apr 15 2023 21:09:11 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 37 · Sat Apr 22 2023 21:09:11 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 38 · Sat Apr 29 2023 21:08:23 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 39 · Mon May 01 2023 21:10:06 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 40 · Mon May 08 2023 21:10:54 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 41 · Mon May 15 2023 21:11:42 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 42 · Mon May 22 2023 21:11:09 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 43 · Mon May 29 2023 21:10:40 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 44 · Thu Jun 01 2023 21:11:41 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 45 · Thu Jun 08 2023 21:11:28 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 46 · Thu Jun 15 2023 21:12:20 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 47 · Thu Jun 22 2023 21:10:50 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

github-actions · Answer 48 · Thu Jun 29 2023 21:16:55 GMT+0800 (China Standard Time)

# npm audit report

json5  2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/json5

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install nodemon@1.14.9, which is a breaking change
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@commitlint/is-ignored/node_modules/semver
node_modules/istanbul-lib-instrument/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/nodemon/node_modules/semver
node_modules/read-pkg/node_modules/semver
node_modules/semver
node_modules/simple-update-notifier/node_modules/semver
  @babel/core  *
  Depends on vulnerable versions of @babel/helper-compilation-targets
  Depends on vulnerable versions of semver
  node_modules/@babel/core
    @jest/transform  *
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of babel-plugin-istanbul
    node_modules/@jest/transform
      babel-jest  >=18.5.0-alpha.7da3df39
      Depends on vulnerable versions of @jest/transform
      Depends on vulnerable versions of babel-plugin-istanbul
      node_modules/babel-jest
        jest-config  >=23.0.0-alpha.0
        Depends on vulnerable versions of @babel/core
        Depends on vulnerable versions of babel-jest
        Depends on vulnerable versions of jest-circus
        Depends on vulnerable versions of jest-runner
        node_modules/jest-config
          jest-cli  >=24.0.0-alpha.0
          Depends on vulnerable versions of @jest/core
          Depends on vulnerable versions of jest-config
          node_modules/jest/node_modules/jest-cli
            jest  >=24.0.0-alpha.0
            Depends on vulnerable versions of @jest/core
            Depends on vulnerable versions of jest-cli
            node_modules/jest
      jest-runner  >=27.0.0-next.0
      Depends on vulnerable versions of @jest/transform
      Depends on vulnerable versions of jest-runtime
      node_modules/jest-runner
      jest-runtime  >=24.2.0-alpha.0
      Depends on vulnerable versions of @jest/globals
      Depends on vulnerable versions of @jest/transform
      Depends on vulnerable versions of jest-snapshot
      node_modules/jest-runtime
    istanbul-lib-instrument  >=1.2.0
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of semver
    node_modules/istanbul-lib-instrument
      @jest/reporters  *
      Depends on vulnerable versions of @jest/transform
      Depends on vulnerable versions of istanbul-lib-instrument
      Depends on vulnerable versions of istanbul-lib-report
      Depends on vulnerable versions of istanbul-reports
      node_modules/@jest/reporters
        @jest/core  *
        Depends on vulnerable versions of @jest/reporters
        Depends on vulnerable versions of @jest/transform
        Depends on vulnerable versions of jest-config
        Depends on vulnerable versions of jest-resolve-dependencies
        Depends on vulnerable versions of jest-runner
        Depends on vulnerable versions of jest-runtime
        Depends on vulnerable versions of jest-snapshot
        node_modules/@jest/core
      babel-plugin-istanbul  >=3.1.0-candidate.0
      Depends on vulnerable versions of istanbul-lib-instrument
      node_modules/babel-plugin-istanbul
    jest-snapshot  >=27.0.0-next.0
    Depends on vulnerable versions of @babel/core
    Depends on vulnerable versions of @jest/transform
    node_modules/jest-snapshot
      @jest/expect  *
      Depends on vulnerable versions of jest-snapshot
      node_modules/@jest/expect
        @jest/globals  >=28.0.0-alpha.0
        Depends on vulnerable versions of @jest/expect
        node_modules/@jest/globals
        jest-circus  >=27.0.0-next.0
        Depends on vulnerable versions of @jest/expect
        Depends on vulnerable versions of jest-runtime
        Depends on vulnerable versions of jest-snapshot
        node_modules/jest-circus
      jest-resolve-dependencies  >=27.0.0-next.0
      Depends on vulnerable versions of jest-snapshot
      node_modules/jest-resolve-dependencies
  @babel/helper-compilation-targets  >=7.8.1
  Depends on vulnerable versions of semver
  node_modules/@babel/helper-compilation-targets
  @commitlint/is-ignored  <=17.6.5
  Depends on vulnerable versions of semver
  node_modules/@commitlint/is-ignored
    @commitlint/lint  *
    Depends on vulnerable versions of @commitlint/is-ignored
    Depends on vulnerable versions of @commitlint/parse
    node_modules/@commitlint/lint
      @commitlint/cli  >=6.1.2
      Depends on vulnerable versions of @commitlint/lint
      Depends on vulnerable versions of @commitlint/read
      node_modules/@commitlint/cli
  make-dir  2.0.0 - 3.1.0
  Depends on vulnerable versions of semver
  node_modules/make-dir
    istanbul-lib-report  >=2.0.5
    Depends on vulnerable versions of make-dir
    node_modules/istanbul-lib-report
      istanbul-reports  >=3.0.0-alpha.0
      Depends on vulnerable versions of istanbul-lib-report
      node_modules/istanbul-reports
  nodemon  1.4.10-alpha.1 - 1.4.10-alpha.3 || >=1.14.10
  Depends on vulnerable versions of semver
  Depends on vulnerable versions of simple-update-notifier
  node_modules/nodemon
  normalize-package-data  <=2.5.0
  Depends on vulnerable versions of semver
  node_modules/read-pkg/node_modules/normalize-package-data
    read-pkg  <=5.2.0
    Depends on vulnerable versions of normalize-package-data
    node_modules/read-pkg
      read-pkg-up  <=7.0.1
      Depends on vulnerable versions of read-pkg
      node_modules/read-pkg-up
        meow  3.4.0 - 9.0.0
        Depends on vulnerable versions of read-pkg-up
        node_modules/meow
          conventional-commits-parser  >=2.1.5
          Depends on vulnerable versions of meow
          node_modules/conventional-commits-parser
            @commitlint/parse  >=8.3.0
            Depends on vulnerable versions of conventional-commits-parser
            node_modules/@commitlint/parse
          git-raw-commits  >=1.3.4
          Depends on vulnerable versions of meow
          node_modules/git-raw-commits
            @commitlint/read  >=8.3.0
            Depends on vulnerable versions of git-raw-commits
            node_modules/@commitlint/read
  simple-update-notifier  1.0.7 - 1.1.0
  Depends on vulnerable versions of semver
  node_modules/simple-update-notifier

word-wrap  *
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
  optionator  0.8.3 - 0.9.1
  Depends on vulnerable versions of word-wrap
  node_modules/optionator

39 vulnerabilities (37 moderate, 2 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force