Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packj audit found risky dependencies! #4

Open
github-actions bot opened this issue Oct 11, 2022 · 0 comments
Open

Packj audit found risky dependencies! #4

github-actions bot opened this issue Oct 11, 2022 · 0 comments

Comments

@github-actions
Copy link

Packj audit found 6/6 risky dependencies.

Click here for details
Registry Package Version Risks
pypi six 1.11.0

undesirable

. Click for details
  • package is old or abandoned: 1849 days old
    		•
    pypi tldextract 3.1.2

    undesirable

    . Click for details
  • package is old or abandoned: 405 days old
    		•
    pypi PyYAML 6.0

    undesirable

    . Click for details
  • accesses obfuscated (hidden) code: reads hidden code
    		•
    pypi requests 2.18.4

    undesirable

    . Click for details
  • package is old or abandoned: 1883 days old

    • vulnerable

    . Click for details
  • contains known vulnerabilities: contains CVE-2018-18074,CVE-2018-18074
    		•
    npm axios 0.27.2

    undesirable

    . Click for details
  • invalid or no author email: no email
  • accesses obfuscated (hidden) code: reads hidden code
    		•
    npm fastify 4.4.0

    vulnerable

    . Click for details
  • contains known vulnerabilities: contains CVE-2022-39288

    • undesirable

    . Click for details
  • accesses obfuscated (hidden) code: reads hidden code
    		•
    Triggered by workflow run 4 on commit 9dcdf5936ed7cbf92a16af3e08ff87b486a26af0
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    None yet
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    0 participants