webpack-boilerplate
webpack-boilerplate copied to clipboard
Published
20 hours ago •
taniarascia
taniarascia
npm audit fix
Version of some indirect dependencies had to be bumped. Version in package-lock.json also updated with version from package.json
# npm audit report
ansi-regex 4.0.0 - 4.1.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/cliui/node_modules/ansi-regex
node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/yargs/node_modules/ansi-regex
async 2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix`
node_modules/async
follow-redirects <=1.14.7
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
fix available via `npm audit fix`
node_modules/follow-redirects
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/jsprim
minimist <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist
nanoid 3.0.0 - 3.1.30
Severity: moderate
Exposure of Sensitive Information to an Unauthorized Actor in nanoid - https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
fix available via `npm audit fix`
node_modules/nanoid
node-forge <=1.2.1
Severity: moderate
Open Redirect in node-forge - https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
Improper Verification of Cryptographic Signature in `node-forge` - https://github.com/advisories/GHSA-2r2c-g63r-vccr
fix available via `npm audit fix`
node_modules/node-forge
selfsigned 1.1.1 - 1.10.14
Depends on vulnerable versions of node-forge
node_modules/selfsigned
webpack-dev-server 2.5.0 - 4.7.2
Depends on vulnerable versions of selfsigned
node_modules/webpack-dev-server
node-sass 2.0.0 - 6.0.1
Severity: moderate
Improper Certificate Validation in node-sass - https://github.com/advisories/GHSA-r8f7-9pfq-mjmv
fix available via `npm audit fix`
node_modules/node-sass
sass-loader 0.4.0-beta.1 - 6.0.7 || 8.0.0 - 12.3.0
Depends on vulnerable versions of node-sass
node_modules/sass-loader
12 vulnerabilities (6 moderate, 3 high, 3 critical)
To address all issues, run:
npm audit fix
