
Fixes for vulnerabilities in yaml, minimist and got dependencies

Open · mluk-sastrify opened this issue 2 years ago · 1 comment

Describe the bug: The SNYK vulnerability scan picked up some packages with exploits.

To Reproduce: Run vulnerability scan for the dependencies

Expected behavior: Dependency packages are bumped to versions with fixes: [email protected] [email protected], @1.2.6 [email protected], @12.1.0

Additional context: SNYK vulnerabilities scan: [image]

mluk-sastrify · Apr 27 '23 10:04

# npm audit report

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install @mocks-server/[email protected], which is a breaking change
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/update-notifier
        @mocks-server/core  >=3.3.0
        Depends on vulnerable versions of update-notifier
        node_modules/@mocks-server/core
          @mocks-server/main  >=3.3.0
          Depends on vulnerable versions of @mocks-server/core
          Depends on vulnerable versions of @mocks-server/plugin-admin-api
          Depends on vulnerable versions of @mocks-server/plugin-inquirer-cli
          Depends on vulnerable versions of @mocks-server/plugin-openapi
          Depends on vulnerable versions of @mocks-server/plugin-proxy
          node_modules/@mocks-server/main
          @mocks-server/plugin-admin-api  >=3.2.0
          Depends on vulnerable versions of @mocks-server/core
          node_modules/@mocks-server/plugin-admin-api
          @mocks-server/plugin-inquirer-cli  >=3.2.0
          Depends on vulnerable versions of @mocks-server/core
          node_modules/@mocks-server/plugin-inquirer-cli
          @mocks-server/plugin-openapi  *
          Depends on vulnerable versions of @mocks-server/core
          node_modules/@mocks-server/plugin-openapi
          @mocks-server/plugin-proxy  >=3.0.0
          Depends on vulnerable versions of @mocks-server/core
          node_modules/@mocks-server/plugin-proxy

10 moderate severity vulnerabilities

monolithed · Aug 16 '23 09:08
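The audit report above flags `got` only through a five-level transitive chain, which is why `npm audit fix --force` proposes a breaking change. As an added example (not code from the mocks-server project), the script below walks an `npm ls --json`-style tree, reports every path that ends in a `got` version below the 11.8.5 fix, and emits the package.json `overrides` entry that pins the transitive dependency without waiting for every intermediate package to bump. The dependency tree, the `^11.8.5` override spec and the function names are constructed for illustration.

```javascript
// Added example: locate vulnerable transitive dependencies and build an npm "overrides" pin.
// Advisory and fixed version are taken from the audit report; everything else is constructed.
const VULNERABLE = { got: { fixed: '11.8.5', advisory: 'GHSA-pfrx-2q88-qq97' } };

// Minimal comparison for plain x.y.z versions (prerelease tags are not handled).
function versionLessThan(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Depth-first walk over { dependencies: { name: { version, dependencies } } }.
// Returns one hit per path that reaches a vulnerable version, e.g.
// "update-notifier@5.1.0 > latest-version@5.1.0 > package-json@6.5.0 > got@9.6.0".
function findVulnerablePaths(tree, chain = []) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...chain, `${name}@${node.version}`];
    const rule = VULNERABLE[name];
    if (rule && versionLessThan(node.version, rule.fixed)) {
      hits.push({ path: here.join(' > '), name, version: node.version, advisory: rule.advisory });
    }
    hits.push(...findVulnerablePaths(node, here));
  }
  return hits;
}

// Build the "overrides" block (npm >= 8.3) that forces the fixed line of each hit.
// A caret range is an assumption: it stays on the fixed major so consumers need no code changes.
function buildOverrides(hits) {
  const overrides = {};
  for (const h of hits) overrides[h.name] = `^${VULNERABLE[h.name].fixed}`;
  return overrides;
}

// Constructed sample mirroring the chain in the audit report; got@12.1.0 at the top is a
// direct dependency that is already fixed and must not be reported.
const sampleTree = { dependencies: {
  '@mocks-server/core': { version: '3.3.0', dependencies: {
    'update-notifier': { version: '5.1.0', dependencies: {
      'latest-version': { version: '5.1.0', dependencies: {
        'package-json': { version: '6.5.0', dependencies: {
          got: { version: '9.6.0' } } } } } } } } },
  got: { version: '12.1.0' } } };

const hits = findVulnerablePaths(sampleTree);
console.log(hits, JSON.stringify({ overrides: buildOverrides(hits) }, null, 2));
```

Pipe real data in with `npm ls --all --json` and re-run `npm audit` after adding the override; the override only masks the finding if the pinned version actually satisfies the intermediate packages' ranges, so check `npm ls got` shows a single fixed version.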