sanity-template-nextjs-blog-comments
Update dependencies to fix critical vulnerabilities
When initializing the project, I get notified of 4 high vulnerabilities. Full audit report:
➜ npm audit
npm audit report
ini <1.3.6
Prototype Pollution - https://npmjs.com/advisories/1589
fix available via npm audit fix
node_modules/ini
node-fetch <=2.6.0 || 3.0.0-beta.1 - 3.0.0-beta.8
Denial of Service - https://npmjs.com/advisories/1556
fix available via npm audit fix --force
Will install [email protected], which is outside the stated dependency range
node_modules/@ampproject/toolbox-optimizer/node_modules/node-fetch
node_modules/cross-fetch/node_modules/node-fetch
@ampproject/toolbox-optimizer 2.5.0-alpha.0 - 2.7.1-alpha.0
Depends on vulnerable versions of cross-fetch
Depends on vulnerable versions of node-fetch
node_modules/@ampproject/toolbox-optimizer
next 9.2.1-canary.0 - 10.0.7-canary.8
Depends on vulnerable versions of @ampproject/toolbox-optimizer
Depends on vulnerable versions of resolve-url-loader
node_modules/next
cross-fetch <=3.0.5
Depends on vulnerable versions of node-fetch
node_modules/cross-fetch
@ampproject/toolbox-validator-rules <=2.5.4
Depends on vulnerable versions of cross-fetch
node_modules/@ampproject/toolbox-validator-rules
object-path < 0.11.5
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1573
fix available via npm audit fix --force
Will install [email protected], which is outside the stated dependency range
node_modules/object-path
adjust-sourcemap-loader 0.1.0 - 2.0.0
Depends on vulnerable versions of object-path
node_modules/adjust-sourcemap-loader
resolve-url-loader 0.0.1-experiment-postcss || 2.0.0 - 3.1.1 || 4.0.0-alpha.1
Depends on vulnerable versions of adjust-sourcemap-loader
node_modules/resolve-url-loader
next 9.2.1-canary.0 - 10.0.7-canary.8
Depends on vulnerable versions of @ampproject/toolbox-optimizer
Depends on vulnerable versions of resolve-url-loader
node_modules/next
9 vulnerabilities (5 low, 4 high)