generator icon indicating copy to clipboard operation
generator copied to clipboard
verified publisher icon expressjs

Update package version in express-cli.js

Open tonysan opened this issue 4 years ago • 0 comments

pug, less-middleware, and hbs

SEMVER WARNING: Recommended action is a potentially breaking change
  Low             Regular Expression Denial of Service
  Package         clean-css
  Dependency of   pug
  Path            pug > pug-filters > clean-css
  More info       https://npmjs.com/advisories/785

                                 Manual Review
             Some vulnerabilities require your attention to resolve
          Visit https://go.npm.me/audit-guide for additional guidance

  Moderate        Prototype Pollution
  Package         hoek
  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3
  Dependency of   less-middleware
  Path            less-middleware > less > request > hawk > boom > hoek
  More info       https://npmjs.com/advisories/566

  Moderate        Prototype Pollution
  Package         hoek
  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3
  Dependency of   less-middleware
  Path            less-middleware > less > request > hawk > cryptiles > boom >
                  hoek
  More info       https://npmjs.com/advisories/566


  Moderate        Prototype Pollution
  Package         hoek
  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3
  Dependency of   less-middleware
  Path            less-middleware > less > request > hawk > hoek
  More info       https://npmjs.com/advisories/566


  Moderate        Prototype Pollution
  Package         hoek
  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3
  Dependency of   less-middleware
  Path            less-middleware > less > request > hawk > sntp > hoek
  More info       https://npmjs.com/advisories/566


  High            Insufficient Entropy
  Package         cryptiles
  Patched in      >=4.1.2
  Dependency of   less-middleware
  Path            less-middleware > less > request > hawk > cryptiles
  More info       https://npmjs.com/advisories/1464

# Run  npm install [email protected]  to resolve 5 vulnerabilities

  Low             Prototype Pollution
  Package         minimist
  Dependency of   hbs
  Path            hbs > handlebars > optimist > minimist
  More info       https://npmjs.com/advisories/1179

  Moderate        Denial of Service
  Package         handlebars
  Dependency of   hbs
  Path            hbs > handlebars
  More info       https://npmjs.com/advisories/1300

  High            Arbitrary Code Execution
  Package         handlebars
  Dependency of   hbs
  Path            hbs > handlebars
  More info       https://npmjs.com/advisories/1316

  High            Arbitrary Code Execution
  Package         handlebars
  Dependency of   hbs
  Path            hbs > handlebars
  More info       https://npmjs.com/advisories/1324

  High            Prototype Pollution
  Package         handlebars
  Dependency of   hbs
  Path            hbs > handlebars
  More info       https://npmjs.com/advisories/1325

tonysan avatar Jan 03 '21 05:01 tonysan