npm ci -> 3 vulnerabilities (2 high, 1 critical) #415

mralusw · 2023-01-03T14:40:34Z

Same setup as in #414; in addition to the problems there, there was also this message at the end of npm ci: 3 vulnerabilities (2 high, 1 critical).

npm audit reports:

# npm audit report

json5  <2.2.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
fix available via `npm audit fix`
node_modules/@babel/core/node_modules/json5
node_modules/adjust-sourcemap-loader/node_modules/json5
node_modules/file-loader/node_modules/json5
node_modules/json5
node_modules/mini-css-extract-plugin/node_modules/json5
node_modules/posthtml-loader/node_modules/json5
node_modules/resolve-url-loader/node_modules/json5
node_modules/thread-loader/node_modules/json5
node_modules/vue-loader/node_modules/json5
node_modules/yaml-loader/node_modules/json5
  loader-utils  <=1.4.2
  Depends on vulnerable versions of json5
  node_modules/loader-utils


qs  6.5.0 - 6.5.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/request/node_modules/qs

3 vulnerabilities (2 high, 1 critical)

Is this... something to be expected?

The text was updated successfully, but these errors were encountered:

MattIPv4 · 2023-01-03T14:42:41Z

Yes, it's quite common for there to be some vulnerabilities listed for dependencies. Feel free to open a PR to resolve them if you wish.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

npm ci -> 3 vulnerabilities (2 high, 1 critical) #415

npm ci -> 3 vulnerabilities (2 high, 1 critical) #415

mralusw commented Jan 3, 2023

MattIPv4 commented Jan 3, 2023

npm ci -> 3 vulnerabilities (2 high, 1 critical) #415

npm ci -> 3 vulnerabilities (2 high, 1 critical) #415

Comments

mralusw commented Jan 3, 2023

MattIPv4 commented Jan 3, 2023