Update yarn-audit-known-issues
olusegz07 committed Nov 22, 2024
1 parent 7bc32a6 commit 35a4a2d
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions yarn-audit-known-issues
@@ -5,9 +5,11 @@
{"value":"cookie","children":{"ID":1099846,"Issue":"cookie accepts cookie name, path, and domain with out of bounds characters","URL":"https://github.com/advisories/GHSA-pxg6-pf52-xh8x","Severity":"low","Vulnerable Versions":"<0.7.0","Tree Versions":["0.5.0"],"Dependents":["express@npm:4.18.2"]}}
{"value":"copy-concurrently","children":{"ID":"copy-concurrently (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.5","Tree Versions":["1.0.5"],"Dependents":["move-concurrently@npm:1.0.1"]}}
{"value":"core-js","children":{"ID":"core-js (deprecation)","Issue":"core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js.","Severity":"moderate","Vulnerable Versions":"1.2.7","Tree Versions":["1.2.7"],"Dependents":["fbjs@npm:0.8.18"]}}
{"value":"cross-spawn","children":{"ID":1100562,"Issue":"Regular Expression Denial of Service (ReDoS) in cross-spawn","URL":"https://github.com/advisories/GHSA-3xgq-45jj-v275","Severity":"high","Vulnerable Versions":"<6.0.6","Tree Versions":["5.1.0"],"Dependents":["execa@npm:0.7.0"]}}
{"value":"cross-spawn","children":{"ID":1100563,"Issue":"Regular Expression Denial of Service (ReDoS) in cross-spawn","URL":"https://github.com/advisories/GHSA-3xgq-45jj-v275","Severity":"high","Vulnerable Versions":">=7.0.0 <7.0.5","Tree Versions":["7.0.3"],"Dependents":["foreground-child@npm:3.1.1"]}}
{"value":"domexception","children":{"ID":"domexception (deprecation)","Issue":"Use your platform's native DOMException instead","Severity":"moderate","Vulnerable Versions":"4.0.0","Tree Versions":["4.0.0"],"Dependents":["jsdom@virtual:ce56289c4b7a2e9003d709997e253c1c80dcaee4c6fbe440cbe9ba5de5db8af3a7b7ad41bbdec5a5e3d40dc9c3c54bef92dd6885ff84cd436d636d5a1b380a61#npm:20.0.3"]}}
{"value":"express","children":{"ID":1096820,"Issue":"Express.js Open Redirect in malformed URLs","URL":"https://github.com/advisories/GHSA-rv95-896h-c2vc","Severity":"moderate","Vulnerable Versions":"<4.19.2","Tree Versions":["4.18.2"],"Dependents":["json-server@npm:0.15.1"]}}
{"value":"express","children":{"ID":1099529,"Issue":"express vulnerable to XSS via response.redirect()","URL":"https://github.com/advisories/GHSA-qw6h-vgh9-j6wx","Severity":"moderate","Vulnerable Versions":"<4.20.0","Tree Versions":["4.18.2"],"Dependents":["json-server@npm:0.15.1"]}}
{"value":"express","children":{"ID":1100530,"Issue":"express vulnerable to XSS via response.redirect()","URL":"https://github.com/advisories/GHSA-qw6h-vgh9-j6wx","Severity":"low","Vulnerable Versions":"<4.20.0","Tree Versions":["4.18.2"],"Dependents":["json-server@npm:0.15.1"]}}
{"value":"figgy-pudding","children":{"ID":"figgy-pudding (deprecation)","Issue":"This module is no longer supported.","Severity":"moderate","Vulnerable Versions":"3.5.2","Tree Versions":["3.5.2"],"Dependents":["npm-registry-fetch@npm:4.0.7"]}}
{"value":"fs-write-stream-atomic","children":{"ID":"fs-write-stream-atomic (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"1.0.10","Tree Versions":["1.0.10"],"Dependents":["move-concurrently@npm:1.0.1"]}}
{"value":"gauge","children":{"ID":"gauge (deprecation)","Issue":"This package is no longer supported.","Severity":"moderate","Vulnerable Versions":"4.0.4","Tree Versions":["4.0.4"],"Dependents":["npmlog@npm:6.0.2"]}}
@@ -36,9 +38,9 @@
{"value":"request","children":{"ID":1096727,"Issue":"Server-Side Request Forgery in Request","URL":"https://github.com/advisories/GHSA-p8p7-x288-28g6","Severity":"moderate","Vulnerable Versions":"<=2.88.2","Tree Versions":["2.88.2"],"Dependents":["json-server@npm:0.15.1"]}}
{"value":"resolve-url","children":{"ID":"resolve-url (deprecation)","Issue":"https://github.com/lydell/resolve-url#deprecated","Severity":"moderate","Vulnerable Versions":"0.2.1","Tree Versions":["0.2.1"],"Dependents":["source-map-resolve@npm:0.5.3"]}}
{"value":"rimraf","children":{"ID":"rimraf (deprecation)","Issue":"Rimraf versions prior to v4 are no longer supported","Severity":"moderate","Vulnerable Versions":"3.0.2","Tree Versions":["3.0.2"],"Dependents":["@mapbox/node-pre-gyp@npm:1.0.11"]}}
{"value":"send","children":{"ID":1099525,"Issue":"send vulnerable to template injection that can lead to XSS","URL":"https://github.com/advisories/GHSA-m6fv-jmcg-4jfg","Severity":"moderate","Vulnerable Versions":"<0.19.0","Tree Versions":["0.18.0"],"Dependents":["express@npm:4.18.2"]}}
{"value":"serve-static","children":{"ID":1099527,"Issue":"serve-static vulnerable to template injection that can lead to XSS","URL":"https://github.com/advisories/GHSA-cm22-4g7w-348p","Severity":"moderate","Vulnerable Versions":"<1.16.0","Tree Versions":["1.15.0"],"Dependents":["express@npm:4.18.2"]}}
{"value":"socket.io-parser","children":{"ID":1098329,"Issue":"Insufficient validation when decoding a Socket.IO packet","URL":"https://github.com/advisories/GHSA-cqmj-92xf-r6r9","Severity":"high","Vulnerable Versions":">=4.0.4 <4.2.3","Tree Versions":["4.0.5"],"Dependents":["socket.io-client@npm:3.1.3"]}}
{"value":"send","children":{"ID":1100526,"Issue":"send vulnerable to template injection that can lead to XSS","URL":"https://github.com/advisories/GHSA-m6fv-jmcg-4jfg","Severity":"low","Vulnerable Versions":"<0.19.0","Tree Versions":["0.18.0"],"Dependents":["express@npm:4.18.2"]}}
{"value":"serve-static","children":{"ID":1100528,"Issue":"serve-static vulnerable to template injection that can lead to XSS","URL":"https://github.com/advisories/GHSA-cm22-4g7w-348p","Severity":"low","Vulnerable Versions":"<1.16.0","Tree Versions":["1.15.0"],"Dependents":["express@npm:4.18.2"]}}
{"value":"socket.io-parser","children":{"ID":1100541,"Issue":"Insufficient validation when decoding a Socket.IO packet","URL":"https://github.com/advisories/GHSA-cqmj-92xf-r6r9","Severity":"moderate","Vulnerable Versions":">=4.0.4 <4.2.3","Tree Versions":["4.0.5"],"Dependents":["socket.io-client@npm:3.1.3"]}}
{"value":"source-map-resolve","children":{"ID":"source-map-resolve (deprecation)","Issue":"See https://github.com/lydell/source-map-resolve#deprecated","Severity":"moderate","Vulnerable Versions":"0.5.3","Tree Versions":["0.5.3"],"Dependents":["snapdragon@npm:0.8.2"]}}
{"value":"source-map-url","children":{"ID":"source-map-url (deprecation)","Issue":"See https://github.com/lydell/source-map-url#deprecated","Severity":"moderate","Vulnerable Versions":"0.4.1","Tree Versions":["0.4.1"],"Dependents":["source-map-resolve@npm:0.5.3"]}}
{"value":"tar","children":{"ID":1097493,"Issue":"Denial of service while parsing a tar file due to lack of folders count validation","URL":"https://github.com/advisories/GHSA-f5x3-32g6-xq36","Severity":"moderate","Vulnerable Versions":"<6.2.1","Tree Versions":["6.1.15"],"Dependents":["@mapbox/node-pre-gyp@npm:1.0.11"]}}
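Review bot: The two `cross-spawn` rows (IDs 1100562 and 1100563, GHSA-3xgq-45jj-v275, severity `high`) look like additions to this allowlist, so the audit gate would now accept a high-severity ReDoS whose own rows list patched ranges (`<6.0.6`, `>=7.0.0 <7.0.5`); the page has lost its +/- markers, so which rows are new is inferred from the hunk headers and the duplicated entries. The 7.0.3 copy under `foreground-child@npm:3.1.1` is presumably inside that package's declared range, in which case `yarn up -R cross-spawn` would clear ID 1100563 without a suppression, while the 5.1.0 copy under `execa@npm:0.7.0` needs the dependent upgraded or a tested `resolutions` entry. In the second hunk the `socket.io-parser` row for GHSA-cqmj-92xf-r6r9 appears to move from `high` to `moderate` under a new ID, which should be confirmed against the advisory rather than accepted from regenerated output. The commit message gives no reason for accepting any of these and the file format has no field for one, so the justification and a re-review date belong in the commit description.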