@ory/cli and npm audit
Preflight checklist
- [x] I could not find a solution in the existing issues, docs, nor discussions.
- [x] I agree to follow this project's Code of Conduct.
- [x] I have read and am following this repository's Contribution Guidelines.
- [x] I have joined the Ory Community Slack.
- [x] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
When running npm audit, @ory/cli is reported as having vulnerabilities.
Reproducing the bug
npm init
npm install --save-dev @ory/cli
npm audit
npm audit report
form-data  <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
No fix available
node_modules/form-data
  request  *
  Depends on vulnerable versions of form-data
  Depends on vulnerable versions of tough-cookie
  node_modules/request
    binwrap  *
    Depends on vulnerable versions of request
    node_modules/binwrap
      @ory/cli  *
      Depends on vulnerable versions of binwrap
      node_modules/@ory/cli

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie

5 vulnerabilities (3 moderate, 2 critical)
Some issues need review, and may require choosing a different dependency.
Relevant log output
Relevant configuration
Version
1.1.0
On which operating system are you observing this issue?
Windows
In which environment are you deploying?
Other
Additional Context
Ory support asked me to open this issue
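
For triage, the dependency chain in the report above can be recovered programmatically from `npm audit --json`. The following is an added example, not part of the original issue or Ory's code: `sampleAudit` is a constructed object in the shape of that JSON output (trimmed to the fields used), and `chainsToDirect` and `summarize` are hypothetical helper names.

```javascript
// Constructed sample shaped like `npm audit --json` (auditReportVersion 2),
// trimmed to the fields used below. Package names and advisory URLs mirror
// the report in the issue; everything else is an assumption for illustration.
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    "form-data": { name: "form-data", isDirect: false, effects: ["request"],
      via: [{ severity: "critical", url: "https://github.com/advisories/GHSA-fjxv-7rqg-78g4" }] },
    "tough-cookie": { name: "tough-cookie", isDirect: false, effects: ["request"],
      via: [{ severity: "moderate", url: "https://github.com/advisories/GHSA-72xf-g2v4-qvf3" }] },
    "request": { name: "request", isDirect: false, effects: ["binwrap"],
      via: ["form-data", "tough-cookie"] },
    "binwrap": { name: "binwrap", isDirect: false, effects: ["@ory/cli"], via: ["request"] },
    "@ory/cli": { name: "@ory/cli", isDirect: true, effects: [], via: ["binwrap"] },
  },
};

// Follow `effects` (packages that depend on this one) upward until a direct
// dependency of the project is reached. Returns every path found.
function chainsToDirect(report, pkg, path = []) {
  if (path.includes(pkg)) return []; // guard against dependency cycles
  const entry = report.vulnerabilities[pkg];
  if (!entry) return [];
  const here = [...path, pkg];
  const chains = entry.isDirect ? [here] : [];
  for (const parent of entry.effects || []) {
    chains.push(...chainsToDirect(report, parent, here));
  }
  return chains;
}

// List only packages that carry an advisory themselves (object entries in
// `via`), with the direct dependencies that pull them in.
function summarize(report) {
  const out = [];
  for (const entry of Object.values(report.vulnerabilities)) {
    const advisories = entry.via.filter((v) => typeof v === "object");
    if (advisories.length === 0) continue; // flagged only through a dependency
    out.push({
      package: entry.name,
      advisories: advisories.map((a) => `${a.severity}: ${a.url}`),
      chains: chainsToDirect(report, entry.name).map((c) => c.join(" -> ")),
    });
  }
  return out;
}

console.log(JSON.stringify(summarize(sampleAudit), null, 2));
```

Against a real project, replace `sampleAudit` with the parsed output of `npm audit --json`.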