🛠 Repo: Several packages reported by npm audit #5070
Labels
area: security
involving vulnerabilities
status: accepting prs
Mocha can use your help with this one!
Tooling Suggestion Checklist
master
branch of the repository.faq
label, but none matched my issue.Overview
Running
npm audit
reports58 vulnerabilities (34 moderate, 23 high, 1 critical)
:@babel/traverse <7.23.2
axios 0.8.1 - 1.5.1
browserify-sign 2.6.0 - 4.2.1
debug <=2.6.8
engine.io 5.1.0 - 6.4.1
get-func-name <2.0.1
got <=11.8.3
http-cache-semantics <4.1.1
liquidjs <10.0.0
markdown-it <12.3.2
ms <2.0.0
nth-check <2.0.1
nunjucks <3.2.4
postcss <8.4.31
request *
semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
semver-regex <=3.1.3
socket.io-parser 4.0.4 - 4.2.2
taffydb *
tough-cookie <4.1.3
trim-newlines <3.0.1
word-wrap <1.2.4
After running
npm audit fix
locally,npm audit
reports50 vulnerabilities (30 moderate, 20 high)
:axios 0.8.1 - 1.5.1
debug <=2.6.8
got <=11.8.3
http-cache-semantics <4.1.1
liquidjs <10.0.0
markdown-it <12.3.2
ms <2.0.0
nth-check <2.0.1
postcss <8.4.31
request *
semver-regex <=3.1.3
taffydb *
tough-cookie <4.1.3
trim-newlines <3.0.1
Additional Info
It's the nature of package vulnerability alerts that most or all of these are false flags. But it's good practice to stay up-to-date just in case.
The text was updated successfully, but these errors were encountered: