Untitled

user_1459313
a year ago
##################
Finished!
##################


added 1392 packages, and audited 1393 packages in 46s

34 packages are looking for funding
  run `npm fund` for details

78 vulnerabilities (3 low, 15 moderate, 35 high, 25 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.
csmm@las7:~/7-days-to-die-server-manager$ npm audit fix
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'csmm@2.2.0',
npm WARN EBADENGINE   required: { node: '12' },
npm WARN EBADENGINE   current: { node: 'v18.16.0', npm: '9.6.7' }
npm WARN EBADENGINE }
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.
npm WARN deprecated codecov@3.8.3: https://about.codecov.io/blog/codecov-uploader-deprecation-plan/

added 524 packages, removed 20 packages, changed 110 packages, and audited 1897 packages in 23s

92 packages are looking for funding
  run `npm fund` for details

# npm audit report

acorn  5.5.0 - 5.7.3
Severity: high
Regular Expression Denial of Service in Acorn - https://github.com/advisories/GHSA-6chw-6frg-f759
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/acorn

ajv  <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/ajv
node_modules/sails-hook-grunt/node_modules/eslint/node_modules/ajv
  eslint  4.2.0 - 5.0.0-rc.0
  Depends on vulnerable versions of ajv
  node_modules/sails-hook-grunt/node_modules/eslint

ansi-regex  3.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/eslint/node_modules/ansi-regex
node_modules/sails-hook-grunt/node_modules/inquirer/node_modules/ansi-regex
node_modules/sails-hook-grunt/node_modules/string-width/node_modules/ansi-regex

async  2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix --force`
Will install sails-mysql@3.0.1, which is a breaking change
node_modules/sails-hook-grunt/node_modules/grunt-contrib-watch/node_modules/async
node_modules/sails-mysql/node_modules/async
node_modules/sails-redis/node_modules/async
  machinepack-redis  <=2.0.6
  Depends on vulnerable versions of async
  Depends on vulnerable versions of machine
  Depends on vulnerable versions of redis
  node_modules/sails-redis/node_modules/machinepack-redis
    sails-redis  1.0.0-0 - 1.0.0
    Depends on vulnerable versions of machinepack-redis
    node_modules/sails-redis
  sails-mysql  1.0.0-1 - 3.0.0
  Depends on vulnerable versions of async
  Depends on vulnerable versions of machinepack-mysql
  node_modules/sails-mysql

braces  <=2.3.0
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
Regular Expression Denial of Service (ReDoS) in braces - https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
fix available via `npm audit fix`
node_modules/liftoff/node_modules/braces
  micromatch  0.2.0 - 2.3.11
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of parse-glob
  node_modules/liftoff/node_modules/micromatch
    findup-sync  0.4.0 - 1.0.0
    Depends on vulnerable versions of micromatch
    node_modules/liftoff/node_modules/findup-sync
      liftoff  2.2.3 - 2.3.0
      Depends on vulnerable versions of findup-sync
      node_modules/liftoff

debug  <=2.6.8
Severity: high
debug Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-9vvw-cc9w-f27h
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
Depends on vulnerable versions of ms
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/mocha/node_modules/debug
  mocha  0.6.0 - 6.2.2 || 7.0.0-esm1 - 7.1.0
  Depends on vulnerable versions of debug
  Depends on vulnerable versions of diff
  Depends on vulnerable versions of growl
  Depends on vulnerable versions of mkdirp
  node_modules/sails-hook-grunt/node_modules/mocha

diff  <3.5.0
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-h6ch-v84p-w6p9
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/diff

ejs  <3.1.7
Severity: critical
ejs template injection vulnerability - https://github.com/advisories/GHSA-phwq-j96m-2c2q
No fix available
node_modules/ejs
  bull-board  *
  Depends on vulnerable versions of ejs
  Depends on vulnerable versions of express
  node_modules/bull-board

getobject  0.1.0
Severity: critical
Prototype pollution vulnerability in 'getobject' - https://github.com/advisories/GHSA-957j-59c2-j692
No fix available
node_modules/sails-hook-grunt/node_modules/getobject
  grunt-legacy-util  <=2.0.0
  Depends on vulnerable versions of getobject
  node_modules/sails-hook-grunt/node_modules/grunt-legacy-util
    grunt  <=1.5.2
    Depends on vulnerable versions of grunt-legacy-util
    node_modules/grunt
    node_modules/sails-hook-grunt/node_modules/grunt
      sails-hook-grunt  *
      Depends on vulnerable versions of babel-core
      Depends on vulnerable versions of grunt
      Depends on vulnerable versions of grunt-contrib-less
      node_modules/sails-hook-grunt

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix`
node_modules/glob-base/node_modules/glob-parent
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/glob-base
    parse-glob  >=2.1.0
    Depends on vulnerable versions of glob-base
    node_modules/parse-glob

growl  <1.10.0
Severity: critical
Growl before 1.10.0 vulnerable to Command Injection - https://github.com/advisories/GHSA-qh2h-chj9-jffq
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/growl


hosted-git-info  <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/hosted-git-info

json-schema  <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/json-schema
  jsprim  0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
  Depends on vulnerable versions of json-schema
  node_modules/sails-hook-grunt/node_modules/jsprim

json5  <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
No fix available
node_modules/sails-hook-grunt/node_modules/json5
  babel-core  5.8.20 - 7.0.0-beta.3
  Depends on vulnerable versions of babel-register
  Depends on vulnerable versions of json5
  node_modules/sails-hook-grunt/node_modules/babel-core
    babel-register  *
    Depends on vulnerable versions of babel-core
    node_modules/sails-hook-grunt/node_modules/babel-register

knex  <=2.3.0
Severity: critical
SQL Injection in knex - https://github.com/advisories/GHSA-58v4-qwx5-7f59
Knex.js has a limited SQL injection vulnerability - https://github.com/advisories/GHSA-4jv9-3563-23j3
Depends on vulnerable versions of minimist
fix available via `npm audit fix --force`
Will install sails-mysql@3.0.1, which is a breaking change
node_modules/knex
  waterline-sql-builder  <=2.0.0
  Depends on vulnerable versions of knex
  node_modules/waterline-sql-builder
    machinepack-mysql  1.0.0-1 || 2.0.0-1 - 4.0.0
    Depends on vulnerable versions of waterline-sql-builder
    node_modules/machinepack-mysql

lodash  <=4.17.20
Severity: critical
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-4xc9-xhrj-v574
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
fix available via `npm audit fix --force`
Will install sails-redis@0.10.7, which is a breaking change
node_modules/sails-hook-grunt/node_modules/lodash
node_modules/sails-redis/node_modules/include-all/node_modules/lodash
node_modules/sails-redis/node_modules/rttc/node_modules/lodash
  include-all  1.0.0 - 2.0.0
  Depends on vulnerable versions of lodash
  node_modules/sails-redis/node_modules/include-all
    machine  1.3.1 - 15.0.0-24
    Depends on vulnerable versions of include-all
    Depends on vulnerable versions of rttc
    node_modules/sails-redis/node_modules/machine
  rttc  <=10.0.0-5
  Depends on vulnerable versions of lodash
  node_modules/sails-redis/node_modules/rttc

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch
node_modules/sails-hook-grunt/node_modules/minimatch

minimist  <=0.2.3 || 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix --force`
Will install sails-mysql@3.0.1, which is a breaking change
node_modules/knex/node_modules/minimist
node_modules/sails-hook-grunt/node_modules/minimist
node_modules/sails-hook-grunt/node_modules/mkdirp/node_modules/minimist
  mkdirp  0.4.1 - 0.5.1
  Depends on vulnerable versions of minimist
  node_modules/sails-hook-grunt/node_modules/mkdirp

ms  <2.0.0
Severity: moderate
Vercel ms Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-w9mr-4mfr-499f
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/mocha/node_modules/ms

passport  <0.6.0
Severity: moderate
Passport before 0.6.0 vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69
fix available via `npm audit fix --force`
Will install passport@0.6.0, which is a breaking change
node_modules/passport

path-parse  <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/path-parse

qs  6.5.0 - 6.5.2 || 6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
No fix available
node_modules/body-parser/node_modules/qs
node_modules/express/node_modules/qs
node_modules/sails-hook-grunt/node_modules/qs
  body-parser  1.19.0
  Depends on vulnerable versions of qs
  node_modules/body-parser
  express  4.17.0 - 4.17.1 || 5.0.0-alpha.1 - 5.0.0-alpha.8
  Depends on vulnerable versions of body-parser
  Depends on vulnerable versions of qs
  node_modules/express

redis  2.6.0 - 3.1.0
Severity: high
Node-Redis potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3
fix available via `npm audit fix --force`
Will install sails-redis@0.10.7, which is a breaking change
node_modules/@sailshq/connect-redis/node_modules/redis
node_modules/sails-redis/node_modules/redis

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install request-promise-native@0.0.0, which is a breaking change
node_modules/request
node_modules/sails-hook-grunt/node_modules/request
  coveralls  *
  Depends on vulnerable versions of request
  node_modules/coveralls
  less  1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3
  Depends on vulnerable versions of request
  node_modules/sails-hook-grunt/node_modules/less
    grunt-contrib-less  0.6.0 - 0.12.0 || 1.0.1 - 1.3.0
    Depends on vulnerable versions of less
    node_modules/sails-hook-grunt/node_modules/grunt-contrib-less
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    node_modules/request-promise-native

trim-newlines  <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/trim-newlines
  meow  3.4.0 - 5.0.0
  Depends on vulnerable versions of trim-newlines
  node_modules/sails-hook-grunt/node_modules/meow

websocket-extensions  <0.1.4
Severity: high
Regular Expression Denial of Service in websocket-extensions (NPM package) - https://github.com/advisories/GHSA-g78m-2chm-r7qv
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/websocket-extensions

57 vulnerabilities (3 low, 12 moderate, 22 high, 20 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.