Untitled
unknown
plain_text
2 years ago
41 kB
7
Indexable
npm audit fix --force npm WARN using --force Recommended protections disabled. npm WARN audit No fix available for @nomicfoundation/hardhat-toolbox@* npm WARN ERESOLVE overriding peer dependency npm WARN While resolving: @nomicfoundation/hardhat-toolbox@1.0.2 npm WARN Found: @types/mocha@10.0.1 npm WARN node_modules/@types/mocha npm WARN dev @types/mocha@"^10.0.1" from the root project npm WARN npm WARN Could not resolve dependency: npm WARN peer @types/mocha@"^9.1.0" from @nomicfoundation/hardhat-toolbox@1.0.2 npm WARN node_modules/@nomicfoundation/hardhat-toolbox npm WARN dev @nomicfoundation/hardhat-toolbox@"^1.0.2" from the root project npm WARN npm WARN Conflicting peer dependency: @types/mocha@9.1.1 npm WARN node_modules/@types/mocha npm WARN peer @types/mocha@"^9.1.0" from @nomicfoundation/hardhat-toolbox@1.0.2 npm WARN node_modules/@nomicfoundation/hardhat-toolbox npm WARN dev @nomicfoundation/hardhat-toolbox@"^1.0.2" from the root project npm WARN deprecated uuid@2.0.1: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@2.0.1: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@2.0.1: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@2.0.1: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. added 40 packages, removed 6 packages, changed 1 package, and audited 2030 packages in 18s 183 packages are looking for funding run `npm fund` for details # npm audit report async 2.0.0 - 2.6.3 Severity: high Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25 fix available via `npm audit fix` node_modules/ganache-core/node_modules/async ganache-core * Depends on vulnerable versions of async Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.0-dev.e3fa452 Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai ethereum-waffle >=2.3.0-istanbul.0 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/compiler Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle cookiejar <2.1.4 Severity: moderate cookiejar Regular Expression Denial of Service via Cookie.parse function - https://github.com/advisories/GHSA-h452-7996-h45h fix available via `npm audit fix` node_modules/ganache-core/node_modules/cookiejar cross-fetch <=2.2.5 || 3.0.0 - 3.1.4 || 3.2.0-alpha.0 - 3.2.0-alpha.2 Severity: high Incorrect Authorization in cross-fetch - https://github.com/advisories/GHSA-7gc6-qh9x-w6h8 Depends on vulnerable versions of node-fetch fix available via `npm audit fix` node_modules/ganache-core/node_modules/cross-fetch decode-uri-component <0.2.1 Severity: high decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq fix available via `npm audit fix` node_modules/ganache-core/node_modules/decode-uri-component elliptic <6.5.4 Severity: moderate Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w fix available via `npm audit fix` node_modules/ganache-core/node_modules/elliptic @ethersproject/signing-key <=5.0.9 Depends on vulnerable versions of elliptic node_modules/ganache-core/node_modules/@ethersproject/signing-key flat <5.0.1 Severity: critical flat vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-2j2x-2gpw-g8fm No fix available node_modules/eth-gas-reporter/node_modules/flat yargs-unparser <=1.6.3 Depends on vulnerable versions of flat node_modules/eth-gas-reporter/node_modules/yargs-unparser mocha 5.1.0 - 9.2.1 Depends on vulnerable versions of minimatch Depends on vulnerable versions of yargs-unparser node_modules/eth-gas-reporter/node_modules/mocha eth-gas-reporter >=0.0.5 Depends on vulnerable versions of mocha Depends on vulnerable versions of request node_modules/eth-gas-reporter hardhat-gas-reporter * Depends on vulnerable versions of eth-gas-reporter node_modules/hardhat-gas-reporter @nomicfoundation/hardhat-toolbox * Depends on vulnerable versions of hardhat-gas-reporter Depends on vulnerable versions of solidity-coverage node_modules/@nomicfoundation/hardhat-toolbox got <11.8.5 Severity: moderate Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97 No fix available node_modules/ganache-core/node_modules/got node_modules/ganache-core/node_modules/swarm-js/node_modules/got node_modules/got swarm-js 0.1.1 - 0.1.17 || >=0.1.35 Depends on vulnerable versions of eth-lib Depends on vulnerable versions of got node_modules/ganache-core/node_modules/swarm-js node_modules/swarm-js web3-bzz * Depends on vulnerable versions of got Depends on vulnerable versions of swarm-js Depends on vulnerable versions of underscore node_modules/@truffle/interface-adapter/node_modules/web3-bzz node_modules/ganache-core/node_modules/web3-bzz node_modules/web3-bzz web3 <=3.0.0-rc.4 Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-eth Depends on vulnerable versions of web3-shh node_modules/@truffle/interface-adapter/node_modules/web3 node_modules/ganache-core/node_modules/web3 node_modules/web3 @truffle/interface-adapter * Depends on vulnerable versions of web3 node_modules/@truffle/interface-adapter @truffle/provider * Depends on vulnerable versions of @truffle/interface-adapter Depends on vulnerable versions of web3 node_modules/@truffle/provider solidity-coverage 0.7.0-beta.0 - 0.8.0-rc.test.0 Depends on vulnerable versions of @truffle/provider node_modules/solidity-coverage @nomicfoundation/hardhat-toolbox * Depends on vulnerable versions of hardhat-gas-reporter Depends on vulnerable versions of solidity-coverage node_modules/@nomicfoundation/hardhat-toolbox ganache-core * Depends on vulnerable versions of async Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.0-dev.e3fa452 Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai ethereum-waffle >=2.3.0-istanbul.0 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/compiler Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle http-cache-semantics <4.1.1 Severity: high http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j fix available via `npm audit fix` node_modules/ganache-core/node_modules/http-cache-semantics json-schema <0.4.0 Severity: critical json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw fix available via `npm audit fix` node_modules/ganache-core/node_modules/json-schema jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1 Depends on vulnerable versions of json-schema node_modules/ganache-core/node_modules/jsprim json5 <1.0.2 Severity: high Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h fix available via `npm audit fix` node_modules/ganache-core/node_modules/babel-core/node_modules/json5 babel-core 5.8.20 - 7.0.0-beta.3 Depends on vulnerable versions of babel-register Depends on vulnerable versions of json5 node_modules/ganache-core/node_modules/babel-core babel-register * Depends on vulnerable versions of babel-core node_modules/ganache-core/node_modules/babel-register babelify 7.0.0 - 7.3.0 Depends on vulnerable versions of babel-core node_modules/ganache-core/node_modules/babelify json-rpc-engine 2.2.0 - 4.0.0 Depends on vulnerable versions of babelify node_modules/ganache-core/node_modules/json-rpc-engine eth-block-tracker 2.3.0 - 3.0.1 Depends on vulnerable versions of json-rpc-engine node_modules/ganache-core/node_modules/eth-block-tracker web3-provider-engine * Depends on vulnerable versions of eth-block-tracker Depends on vulnerable versions of eth-json-rpc-infura Depends on vulnerable versions of request node_modules/ganache-core/node_modules/web3-provider-engine ganache-core * Depends on vulnerable versions of async Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.0-dev.e3fa452 Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai ethereum-waffle >=2.3.0-istanbul.0 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/compiler Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle eth-json-rpc-infura <=5.0.0 Depends on vulnerable versions of eth-json-rpc-middleware Depends on vulnerable versions of json-rpc-engine node_modules/ganache-core/node_modules/eth-json-rpc-infura eth-json-rpc-middleware 1.1.0 - 5.1.0 Depends on vulnerable versions of eth-tx-summary Depends on vulnerable versions of ethereumjs-block Depends on vulnerable versions of fetch-ponyfill Depends on vulnerable versions of json-rpc-engine node_modules/ganache-core/node_modules/eth-json-rpc-middleware lodash <4.17.21 Severity: high Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm fix available via `npm audit fix` node_modules/ganache-core/node_modules/lodash minimatch <3.0.5 Severity: high minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3 No fix available node_modules/eth-gas-reporter/node_modules/minimatch node_modules/ganache-core/node_modules/minimatch mocha 5.1.0 - 9.2.1 Depends on vulnerable versions of minimatch Depends on vulnerable versions of yargs-unparser node_modules/eth-gas-reporter/node_modules/mocha eth-gas-reporter >=0.0.5 Depends on vulnerable versions of mocha Depends on vulnerable versions of request node_modules/eth-gas-reporter hardhat-gas-reporter * Depends on vulnerable versions of eth-gas-reporter node_modules/hardhat-gas-reporter @nomicfoundation/hardhat-toolbox * Depends on vulnerable versions of hardhat-gas-reporter Depends on vulnerable versions of solidity-coverage node_modules/@nomicfoundation/hardhat-toolbox minimist 1.0.0 - 1.2.5 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h fix available via `npm audit fix` node_modules/ganache-core/node_modules/minimist node-fetch <=2.6.6 Severity: high node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r fix available via `npm audit fix` node_modules/ganache-core/node_modules/fetch-ponyfill/node_modules/node-fetch node_modules/ganache-core/node_modules/node-fetch cross-fetch <=2.2.5 || 3.0.0 - 3.1.4 || 3.2.0-alpha.0 - 3.2.0-alpha.2 Depends on vulnerable versions of node-fetch node_modules/ganache-core/node_modules/cross-fetch fetch-ponyfill 1.0.0 - 6.0.2 Depends on vulnerable versions of node-fetch node_modules/ganache-core/node_modules/fetch-ponyfill eth-json-rpc-middleware 1.1.0 - 5.1.0 Depends on vulnerable versions of eth-tx-summary Depends on vulnerable versions of ethereumjs-block Depends on vulnerable versions of fetch-ponyfill Depends on vulnerable versions of json-rpc-engine node_modules/ganache-core/node_modules/eth-json-rpc-middleware eth-json-rpc-infura <=5.0.0 Depends on vulnerable versions of eth-json-rpc-middleware Depends on vulnerable versions of json-rpc-engine node_modules/ganache-core/node_modules/eth-json-rpc-infura web3-provider-engine * Depends on vulnerable versions of eth-block-tracker Depends on vulnerable versions of eth-json-rpc-infura Depends on vulnerable versions of request node_modules/ganache-core/node_modules/web3-provider-engine ganache-core * Depends on vulnerable versions of async Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.0-dev.e3fa452 Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai ethereum-waffle >=2.3.0-istanbul.0 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/compiler Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle normalize-url 4.3.0 - 4.5.0 Severity: high ReDoS in normalize-url - https://github.com/advisories/GHSA-px4h-xg32-q955 fix available via `npm audit fix` node_modules/ganache-core/node_modules/normalize-url path-parse <1.0.7 Severity: moderate Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9 fix available via `npm audit fix` node_modules/ganache-core/node_modules/path-parse qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2 Severity: high qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp fix available via `npm audit fix` node_modules/ganache-core/node_modules/body-parser/node_modules/qs node_modules/ganache-core/node_modules/express/node_modules/qs node_modules/ganache-core/node_modules/qs body-parser 1.19.0 Depends on vulnerable versions of qs node_modules/ganache-core/node_modules/body-parser express 4.17.0 - 4.17.1 || 5.0.0-alpha.1 - 5.0.0-alpha.8 Depends on vulnerable versions of qs node_modules/ganache-core/node_modules/express request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 Depends on vulnerable versions of tough-cookie No fix available node_modules/ganache-core/node_modules/request node_modules/request @resolver-engine/core * Depends on vulnerable versions of request node_modules/@resolver-engine/core @resolver-engine/fs * Depends on vulnerable versions of @resolver-engine/core node_modules/@resolver-engine/fs @resolver-engine/imports * Depends on vulnerable versions of @resolver-engine/core node_modules/@resolver-engine/imports @ethereum-waffle/compiler * Depends on vulnerable versions of @resolver-engine/imports node_modules/@ethereum-waffle/compiler ethereum-waffle >=2.3.0-istanbul.0 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/compiler Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle @resolver-engine/imports-fs * Depends on vulnerable versions of @resolver-engine/imports node_modules/@resolver-engine/imports-fs eth-gas-reporter >=0.0.5 Depends on vulnerable versions of mocha Depends on vulnerable versions of request node_modules/eth-gas-reporter hardhat-gas-reporter * Depends on vulnerable versions of eth-gas-reporter node_modules/hardhat-gas-reporter @nomicfoundation/hardhat-toolbox * Depends on vulnerable versions of hardhat-gas-reporter Depends on vulnerable versions of solidity-coverage node_modules/@nomicfoundation/hardhat-toolbox request-promise-core * Depends on vulnerable versions of request node_modules/request-promise-core request-promise-native >=1.0.0 Depends on vulnerable versions of request Depends on vulnerable versions of request-promise-core Depends on vulnerable versions of tough-cookie node_modules/request-promise-native servify * Depends on vulnerable versions of request node_modules/ganache-core/node_modules/servify node_modules/servify eth-lib 0.1.24 - 0.1.29 Depends on vulnerable versions of servify node_modules/eth-lib node_modules/ganache-core/node_modules/eth-lib swarm-js 0.1.1 - 0.1.17 || >=0.1.35 Depends on vulnerable versions of eth-lib Depends on vulnerable versions of got node_modules/ganache-core/node_modules/swarm-js node_modules/swarm-js web3-bzz * Depends on vulnerable versions of got Depends on vulnerable versions of swarm-js Depends on vulnerable versions of underscore node_modules/@truffle/interface-adapter/node_modules/web3-bzz node_modules/ganache-core/node_modules/web3-bzz node_modules/web3-bzz web3 <=3.0.0-rc.4 Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-eth Depends on vulnerable versions of web3-shh node_modules/@truffle/interface-adapter/node_modules/web3 node_modules/ganache-core/node_modules/web3 node_modules/web3 @truffle/interface-adapter * Depends on vulnerable versions of web3 node_modules/@truffle/interface-adapter @truffle/provider * Depends on vulnerable versions of @truffle/interface-adapter Depends on vulnerable versions of web3 node_modules/@truffle/provider solidity-coverage 0.7.0-beta.0 - 0.8.0-rc.test.0 Depends on vulnerable versions of @truffle/provider node_modules/solidity-coverage ganache-core * Depends on vulnerable versions of async Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.0-dev.e3fa452 Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai web3-provider-engine * Depends on vulnerable versions of eth-block-tracker Depends on vulnerable versions of eth-json-rpc-infura Depends on vulnerable versions of request node_modules/ganache-core/node_modules/web3-provider-engine semver <5.7.2 Severity: moderate semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw fix available via `npm audit fix` node_modules/ganache-core/node_modules/babel-preset-env/node_modules/semver node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/semver node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/semver node_modules/ganache-core/node_modules/ethereumjs-block/node_modules/semver node_modules/ganache-core/node_modules/ethereumjs-vm/node_modules/semver node_modules/ganache-core/node_modules/patch-package/node_modules/semver node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/semver levelup 0.9.0 - 1.3.9 Depends on vulnerable versions of semver node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/levelup node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/levelup node_modules/ganache-core/node_modules/ethereumjs-block/node_modules/levelup node_modules/ganache-core/node_modules/ethereumjs-vm/node_modules/levelup node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/levelup merkle-patricia-tree 0.1.22 - 2.3.2 Depends on vulnerable versions of levelup node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/merkle-patricia-tree node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/merkle-patricia-tree node_modules/ganache-core/node_modules/ethereumjs-block/node_modules/merkle-patricia-tree node_modules/ganache-core/node_modules/ethereumjs-vm/node_modules/merkle-patricia-tree node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/merkle-patricia-tree ethereumjs-block >=0.0.3 Depends on vulnerable versions of merkle-patricia-tree node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/ethereumjs-block node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/ethereumjs-vm/node_modules/ethereumjs-block node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/ethereumjs-block node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/ethereumjs-vm/node_modules/ethereumjs-block node_modules/ganache-core/node_modules/ethereumjs-block node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/ethereumjs-block node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/ethereumjs-vm/node_modules/ethereumjs-block eth-json-rpc-middleware 1.1.0 - 5.1.0 Depends on vulnerable versions of eth-tx-summary Depends on vulnerable versions of ethereumjs-block Depends on vulnerable versions of fetch-ponyfill Depends on vulnerable versions of json-rpc-engine node_modules/ganache-core/node_modules/eth-json-rpc-middleware eth-json-rpc-infura <=5.0.0 Depends on vulnerable versions of eth-json-rpc-middleware Depends on vulnerable versions of json-rpc-engine node_modules/ganache-core/node_modules/eth-json-rpc-infura web3-provider-engine * Depends on vulnerable versions of eth-block-tracker Depends on vulnerable versions of eth-json-rpc-infura Depends on vulnerable versions of request node_modules/ganache-core/node_modules/web3-provider-engine ganache-core * Depends on vulnerable versions of async Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.0-dev.e3fa452 Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai ethereum-waffle >=2.3.0-istanbul.0 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/compiler Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle eth-tx-summary * Depends on vulnerable versions of ethereumjs-block node_modules/ganache-core/node_modules/eth-tx-summary ethereumjs-blockchain * Depends on vulnerable versions of ethereumjs-block node_modules/ganache-core/node_modules/ethereumjs-blockchain ethereumjs-vm >=0.1.1 Depends on vulnerable versions of ethereumjs-block Depends on vulnerable versions of ethereumjs-blockchain Depends on vulnerable versions of merkle-patricia-tree node_modules/ganache-core/node_modules/eth-json-rpc-middleware/node_modules/ethereumjs-vm node_modules/ganache-core/node_modules/eth-tx-summary/node_modules/ethereumjs-vm node_modules/ganache-core/node_modules/ethereumjs-vm node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/ethereumjs-vm simple-get <2.8.2 Severity: high Exposure of Sensitive Information in simple-get - https://github.com/advisories/GHSA-wpg7-2c88-r8xv fix available via `npm audit fix` node_modules/ganache-core/node_modules/simple-get tar <=4.4.17 Severity: high Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh fix available via `npm audit fix` node_modules/ganache-core/node_modules/tar tough-cookie <4.1.3 Severity: moderate tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3 No fix available node_modules/ganache-core/node_modules/tough-cookie node_modules/tough-cookie request * Depends on vulnerable versions of tough-cookie node_modules/ganache-core/node_modules/request node_modules/request @resolver-engine/core * Depends on vulnerable versions of request node_modules/@resolver-engine/core @resolver-engine/fs * Depends on vulnerable versions of @resolver-engine/core node_modules/@resolver-engine/fs @resolver-engine/imports * Depends on vulnerable versions of @resolver-engine/core node_modules/@resolver-engine/imports @ethereum-waffle/compiler * Depends on vulnerable versions of @resolver-engine/imports node_modules/@ethereum-waffle/compiler ethereum-waffle >=2.3.0-istanbul.0 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/compiler Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle @resolver-engine/imports-fs * Depends on vulnerable versions of @resolver-engine/imports node_modules/@resolver-engine/imports-fs eth-gas-reporter >=0.0.5 Depends on vulnerable versions of mocha Depends on vulnerable versions of request node_modules/eth-gas-reporter hardhat-gas-reporter * Depends on vulnerable versions of eth-gas-reporter node_modules/hardhat-gas-reporter @nomicfoundation/hardhat-toolbox * Depends on vulnerable versions of hardhat-gas-reporter Depends on vulnerable versions of solidity-coverage node_modules/@nomicfoundation/hardhat-toolbox request-promise-core * Depends on vulnerable versions of request node_modules/request-promise-core request-promise-native >=1.0.0 Depends on vulnerable versions of request Depends on vulnerable versions of request-promise-core Depends on vulnerable versions of tough-cookie node_modules/request-promise-native servify * Depends on vulnerable versions of request node_modules/ganache-core/node_modules/servify node_modules/servify eth-lib 0.1.24 - 0.1.29 Depends on vulnerable versions of servify node_modules/eth-lib node_modules/ganache-core/node_modules/eth-lib swarm-js 0.1.1 - 0.1.17 || >=0.1.35 Depends on vulnerable versions of eth-lib Depends on vulnerable versions of got node_modules/ganache-core/node_modules/swarm-js node_modules/swarm-js web3-bzz * Depends on vulnerable versions of got Depends on vulnerable versions of swarm-js Depends on vulnerable versions of underscore node_modules/@truffle/interface-adapter/node_modules/web3-bzz node_modules/ganache-core/node_modules/web3-bzz node_modules/web3-bzz web3 <=3.0.0-rc.4 Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-eth Depends on vulnerable versions of web3-shh node_modules/@truffle/interface-adapter/node_modules/web3 node_modules/ganache-core/node_modules/web3 node_modules/web3 @truffle/interface-adapter * Depends on vulnerable versions of web3 node_modules/@truffle/interface-adapter @truffle/provider * Depends on vulnerable versions of @truffle/interface-adapter Depends on vulnerable versions of web3 node_modules/@truffle/provider solidity-coverage 0.7.0-beta.0 - 0.8.0-rc.test.0 Depends on vulnerable versions of @truffle/provider node_modules/solidity-coverage ganache-core * Depends on vulnerable versions of async Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.0-dev.e3fa452 Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai web3-provider-engine * Depends on vulnerable versions of eth-block-tracker Depends on vulnerable versions of eth-json-rpc-infura Depends on vulnerable versions of request node_modules/ganache-core/node_modules/web3-provider-engine underscore 1.3.2 - 1.12.0 Severity: critical Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq No fix available node_modules/ganache-core/node_modules/underscore web3-bzz * Depends on vulnerable versions of got Depends on vulnerable versions of swarm-js Depends on vulnerable versions of underscore node_modules/@truffle/interface-adapter/node_modules/web3-bzz node_modules/ganache-core/node_modules/web3-bzz node_modules/web3-bzz web3 <=3.0.0-rc.4 Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-eth Depends on vulnerable versions of web3-shh node_modules/@truffle/interface-adapter/node_modules/web3 node_modules/ganache-core/node_modules/web3 node_modules/web3 @truffle/interface-adapter * Depends on vulnerable versions of web3 node_modules/@truffle/interface-adapter @truffle/provider * Depends on vulnerable versions of @truffle/interface-adapter Depends on vulnerable versions of web3 node_modules/@truffle/provider solidity-coverage 0.7.0-beta.0 - 0.8.0-rc.test.0 Depends on vulnerable versions of @truffle/provider node_modules/solidity-coverage @nomicfoundation/hardhat-toolbox * Depends on vulnerable versions of hardhat-gas-reporter Depends on vulnerable versions of solidity-coverage node_modules/@nomicfoundation/hardhat-toolbox ganache-core * Depends on vulnerable versions of async Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.0-dev.e3fa452 Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai ethereum-waffle >=2.3.0-istanbul.0 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/compiler Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle web3-core-helpers <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-core-helpers web3-core <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-core web3-eth-ens <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-eth-ens web3-eth <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-eth-ens node_modules/ganache-core/node_modules/web3-eth web3-core-method <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-core-method web3-net 1.2.0 - 1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-core-method node_modules/ganache-core/node_modules/web3-net web3-eth-personal <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-net node_modules/ganache-core/node_modules/web3-eth-personal web3-shh <=1.3.5 Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-net node_modules/ganache-core/node_modules/web3-shh web3-core-subscriptions <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-core-subscriptions web3-eth-contract <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-eth-contract web3-providers-http <=1.0.0 || 1.2.0 - 1.3.5 || 3.0.0-rc.0 - 3.0.0-rc.4 Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-providers-http web3-providers-ipc <=1.3.6-rc.2 || 3.0.0-rc.0 - 3.0.0-rc.5 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-providers-ipc web3-providers-ws <=1.3.6-rc.2 || 3.0.0-rc.0 - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-providers-ws web3-core-requestmanager <=1.3.5 || 3.0.0-rc.0 - 3.0.0-rc.4 Depends on vulnerable versions of underscore node_modules/ganache-core/node_modules/web3-core-requestmanager web3-eth-abi <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-abi web3-eth-accounts <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore node_modules/ganache-core/node_modules/web3-eth-accounts web3-utils 1.0.0-beta.8 - 1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore node_modules/ganache-core/node_modules/web3-utils web3-eth-iban <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-iban web3 <=3.0.0-rc.4 Severity: critical Insecure Credential Storage in web3 - https://github.com/advisories/GHSA-27v7-qhfv-rqq8 Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-eth Depends on vulnerable versions of web3-shh No fix available node_modules/@truffle/interface-adapter/node_modules/web3 node_modules/ganache-core/node_modules/web3 node_modules/web3 @truffle/interface-adapter * Depends on vulnerable versions of web3 node_modules/@truffle/interface-adapter @truffle/provider * Depends on vulnerable versions of @truffle/interface-adapter Depends on vulnerable versions of web3 node_modules/@truffle/provider solidity-coverage 0.7.0-beta.0 - 0.8.0-rc.test.0 Depends on vulnerable versions of @truffle/provider node_modules/solidity-coverage @nomicfoundation/hardhat-toolbox * Depends on vulnerable versions of hardhat-gas-reporter Depends on vulnerable versions of solidity-coverage node_modules/@nomicfoundation/hardhat-toolbox ganache-core * Depends on vulnerable versions of async Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.0-dev.e3fa452 Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai ethereum-waffle >=2.3.0-istanbul.0 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/compiler Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle ws 5.0.0 - 5.2.2 Severity: moderate ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693 fix available via `npm audit fix` node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/ws 85 vulnerabilities (2 low, 31 moderate, 25 high, 27 critical) To address issues that do not require attention, run: npm audit fix Some issues need review, and may require choosing a different dependency.
Editor is loading...