surge
install of surge results in deprecations and vulnerabilities
$ cd test
johnd@RazerBlade MINGW64 ~/test
$ npm install surge
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
added 112 packages in 10s
4 packages are looking for funding
run `npm fund` for details
johnd@RazerBlade MINGW64 ~/test
$ npm audit
# npm audit report
minimist 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/minimist
surge >=0.1.0
Depends on vulnerable versions of minimist
Depends on vulnerable versions of request
node_modules/surge
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/request
3 vulnerabilities (1 moderate, 2 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
However, even using npm audit fix --force did not clear up the critical vulnerabilities.
I use surge to deploy the documentation for the @bevry packages; this has caused all the bevry packages to be marked as insecure.
dupe of https://github.com/sintaxi/surge/issues/472