
npm audit security report run in backend folder shows errors

[Open] adriatic opened this issue 4 years ago • 2 comments

Hello @Mcastres

I am learning Strapi by running all existing tutorials with the intent to verify how all of them create a "friction-less" experience for newbies. My experience tells me that errors in the documentation and samples are the guaranteed way to lose new developers. As I believe that Strapi deserves all the help I can muster, I created my first PR (https://github.com/strapi/strapi/pull/5725) after having a difficult time running the first two tutorials. Now I am switching to the tutorials referenced in https://strapi.io/blog/ with the same intent to help.

adriatic, Apr 12 '20 20:04

  1. In order to address most of the reported vulnerabilities, I had to run:
     npm install [email protected]
  2. The following vulnerability is still present:
High            Prototype Pollution Protection Bypass

  Package         qs

  Patched in      >=6.0.4 <6.1.0 || >=6.1.2 <6.2.0 || >=6.2.3 <6.3.0 ||
                  >=6.3.2

  Dependency of   strapi

  Path            strapi > koa-qs > qs

  More info       https://npmjs.com/advisories/1469

(I believe that you should address this "centrally".)

adriatic, Apr 12 '20 20:04

It is likely that by installing [email protected] I broke this app, as I got a lot of error messages like:

> strapi develop

Building your admin UI with development configuration ...

√ Webpack
  Compiled successfully in 17.40s

[2020-04-12T20:27:21.234Z] error Ignored attempt to bind to get /articles with unknown policy "plugins::users-permissions.permissions"
[2020-04-12T20:27:21.236Z] error Ignored attempt to bind to get /articles/count with unknown policy "plugins::users-permissions.permissions"
[2020-04-12T20:27:21.238Z] error Ignored attempt to bind to get /articles/:id with unknown policy "plugins::users-permissions.permissions"
[2020-04-12T20:27:21.239Z] error Ignored attempt to bind to post /articles with unknown policy "plugins::users-permissions.permissions"
[2020-04-12T20:27:21.239Z] error Ignored attempt to bind to put /articles/:id with unknown policy "plugins::users-permissions.permissions"
[2020-04-12T20:27:21.240Z] error Ignored attempt to bind to delete /articles/:id with unknown policy "plugins::users-permissions.permissions"
[2020-04-12T20:27:21.241Z] error Ignored attempt to bind to get /categories with unknown policy "plugins::users-permissions.permissions"
[2020-04-12T20:27:21.241Z] error Ignored attempt to bind to get /categories/count with unknown policy "plugins::users-permissions.permissions"
[2020-04-12T20:27:21.242Z] error Ignored attempt to bind to get /categories/:id with unknown policy "plugins::users-permissions.permissions"

adriatic, Apr 12 '20 20:04