Untitled
user_1459313
plain_text
2 years ago
15 kB
5
Indexable
################## Finished! уН(ТДтН`)/ ################## added 1392 packages, and audited 1393 packages in 46s 34 packages are looking for funding run `npm fund` for details 78 vulnerabilities (3 low, 15 moderate, 35 high, 25 critical) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency. Run `npm audit` for details. csmm@las7:~/7-days-to-die-server-manager$ npm audit fix npm WARN EBADENGINE Unsupported engine { npm WARN EBADENGINE package: 'csmm@2.2.0', npm WARN EBADENGINE required: { node: '12' }, npm WARN EBADENGINE current: { node: 'v18.16.0', npm: '9.6.7' } npm WARN EBADENGINE } npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated codecov@3.8.3: https://about.codecov.io/blog/codecov-uploader-deprecation-plan/ added 524 packages, removed 20 packages, changed 110 packages, and audited 1897 packages in 23s 92 packages are looking for funding run `npm fund` for details # npm audit report acorn 5.5.0 - 5.7.3 Severity: high Regular Expression Denial of Service in Acorn - https://github.com/advisories/GHSA-6chw-6frg-f759 fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/acorn ajv <6.12.3 Severity: moderate Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/ajv node_modules/sails-hook-grunt/node_modules/eslint/node_modules/ajv eslint 4.2.0 - 5.0.0-rc.0 Depends on vulnerable versions of ajv node_modules/sails-hook-grunt/node_modules/eslint ansi-regex 3.0.0 Severity: high Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/eslint/node_modules/ansi-regex node_modules/sails-hook-grunt/node_modules/inquirer/node_modules/ansi-regex node_modules/sails-hook-grunt/node_modules/string-width/node_modules/ansi-regex async 2.0.0 - 2.6.3 Severity: high Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25 fix available via `npm audit fix --force` Will install sails-mysql@3.0.1, which is a breaking change node_modules/sails-hook-grunt/node_modules/grunt-contrib-watch/node_modules/async node_modules/sails-mysql/node_modules/async node_modules/sails-redis/node_modules/async machinepack-redis <=2.0.6 Depends on vulnerable versions of async Depends on vulnerable versions of machine Depends on vulnerable versions of redis node_modules/sails-redis/node_modules/machinepack-redis sails-redis 1.0.0-0 - 1.0.0 Depends on vulnerable versions of machinepack-redis node_modules/sails-redis sails-mysql 1.0.0-1 - 3.0.0 Depends on vulnerable versions of async Depends on vulnerable versions of machinepack-mysql node_modules/sails-mysql braces <=2.3.0 Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4 Regular Expression Denial of Service (ReDoS) in braces - https://github.com/advisories/GHSA-cwfw-4gq5-mrqx fix available via `npm audit fix` node_modules/liftoff/node_modules/braces micromatch 0.2.0 - 2.3.11 Depends on vulnerable versions of braces Depends on vulnerable versions of parse-glob node_modules/liftoff/node_modules/micromatch findup-sync 0.4.0 - 1.0.0 Depends on vulnerable versions of micromatch node_modules/liftoff/node_modules/findup-sync liftoff 2.2.3 - 2.3.0 Depends on vulnerable versions of findup-sync node_modules/liftoff debug <=2.6.8 Severity: high debug Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-9vvw-cc9w-f27h Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c Depends on vulnerable versions of ms fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/mocha/node_modules/debug mocha 0.6.0 - 6.2.2 || 7.0.0-esm1 - 7.1.0 Depends on vulnerable versions of debug Depends on vulnerable versions of diff Depends on vulnerable versions of growl Depends on vulnerable versions of mkdirp node_modules/sails-hook-grunt/node_modules/mocha diff <3.5.0 Severity: high Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-h6ch-v84p-w6p9 fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/diff ejs <3.1.7 Severity: critical ejs template injection vulnerability - https://github.com/advisories/GHSA-phwq-j96m-2c2q No fix available node_modules/ejs bull-board * Depends on vulnerable versions of ejs Depends on vulnerable versions of express node_modules/bull-board getobject 0.1.0 Severity: critical Prototype pollution vulnerability in 'getobject' - https://github.com/advisories/GHSA-957j-59c2-j692 No fix available node_modules/sails-hook-grunt/node_modules/getobject grunt-legacy-util <=2.0.0 Depends on vulnerable versions of getobject node_modules/sails-hook-grunt/node_modules/grunt-legacy-util grunt <=1.5.2 Depends on vulnerable versions of grunt-legacy-util node_modules/grunt node_modules/sails-hook-grunt/node_modules/grunt sails-hook-grunt * Depends on vulnerable versions of babel-core Depends on vulnerable versions of grunt Depends on vulnerable versions of grunt-contrib-less node_modules/sails-hook-grunt glob-parent <5.1.2 Severity: high glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6 fix available via `npm audit fix` node_modules/glob-base/node_modules/glob-parent glob-base * Depends on vulnerable versions of glob-parent node_modules/glob-base parse-glob >=2.1.0 Depends on vulnerable versions of glob-base node_modules/parse-glob growl <1.10.0 Severity: critical Growl before 1.10.0 vulnerable to Command Injection - https://github.com/advisories/GHSA-qh2h-chj9-jffq fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/growl hosted-git-info <2.8.9 Severity: moderate Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/hosted-git-info json-schema <0.4.0 Severity: critical json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/json-schema jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1 Depends on vulnerable versions of json-schema node_modules/sails-hook-grunt/node_modules/jsprim json5 <1.0.2 Severity: high Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h No fix available node_modules/sails-hook-grunt/node_modules/json5 babel-core 5.8.20 - 7.0.0-beta.3 Depends on vulnerable versions of babel-register Depends on vulnerable versions of json5 node_modules/sails-hook-grunt/node_modules/babel-core babel-register * Depends on vulnerable versions of babel-core node_modules/sails-hook-grunt/node_modules/babel-register knex <=2.3.0 Severity: critical SQL Injection in knex - https://github.com/advisories/GHSA-58v4-qwx5-7f59 Knex.js has a limited SQL injection vulnerability - https://github.com/advisories/GHSA-4jv9-3563-23j3 Depends on vulnerable versions of minimist fix available via `npm audit fix --force` Will install sails-mysql@3.0.1, which is a breaking change node_modules/knex waterline-sql-builder <=2.0.0 Depends on vulnerable versions of knex node_modules/waterline-sql-builder machinepack-mysql 1.0.0-1 || 2.0.0-1 - 4.0.0 Depends on vulnerable versions of waterline-sql-builder node_modules/machinepack-mysql lodash <=4.17.20 Severity: critical Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm Prototype Pollution in lodash - https://github.com/advisories/GHSA-4xc9-xhrj-v574 Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695 Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9 fix available via `npm audit fix --force` Will install sails-redis@0.10.7, which is a breaking change node_modules/sails-hook-grunt/node_modules/lodash node_modules/sails-redis/node_modules/include-all/node_modules/lodash node_modules/sails-redis/node_modules/rttc/node_modules/lodash include-all 1.0.0 - 2.0.0 Depends on vulnerable versions of lodash node_modules/sails-redis/node_modules/include-all machine 1.3.1 - 15.0.0-24 Depends on vulnerable versions of include-all Depends on vulnerable versions of rttc node_modules/sails-redis/node_modules/machine rttc <=10.0.0-5 Depends on vulnerable versions of lodash node_modules/sails-redis/node_modules/rttc minimatch <3.0.5 Severity: high minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3 fix available via `npm audit fix` node_modules/minimatch node_modules/sails-hook-grunt/node_modules/minimatch minimist <=0.2.3 || 1.0.0 - 1.2.5 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h fix available via `npm audit fix --force` Will install sails-mysql@3.0.1, which is a breaking change node_modules/knex/node_modules/minimist node_modules/sails-hook-grunt/node_modules/minimist node_modules/sails-hook-grunt/node_modules/mkdirp/node_modules/minimist mkdirp 0.4.1 - 0.5.1 Depends on vulnerable versions of minimist node_modules/sails-hook-grunt/node_modules/mkdirp ms <2.0.0 Severity: moderate Vercel ms Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-w9mr-4mfr-499f fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/mocha/node_modules/ms passport <0.6.0 Severity: moderate Passport before 0.6.0 vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69 fix available via `npm audit fix --force` Will install passport@0.6.0, which is a breaking change node_modules/passport path-parse <1.0.7 Severity: moderate Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9 fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/path-parse qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2 Severity: high qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp No fix available node_modules/body-parser/node_modules/qs node_modules/express/node_modules/qs node_modules/sails-hook-grunt/node_modules/qs body-parser 1.19.0 Depends on vulnerable versions of qs node_modules/body-parser express 4.17.0 - 4.17.1 || 5.0.0-alpha.1 - 5.0.0-alpha.8 Depends on vulnerable versions of body-parser Depends on vulnerable versions of qs node_modules/express redis 2.6.0 - 3.1.0 Severity: high Node-Redis potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3 fix available via `npm audit fix --force` Will install sails-redis@0.10.7, which is a breaking change node_modules/@sailshq/connect-redis/node_modules/redis node_modules/sails-redis/node_modules/redis request * Severity: moderate Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6 fix available via `npm audit fix --force` Will install request-promise-native@0.0.0, which is a breaking change node_modules/request node_modules/sails-hook-grunt/node_modules/request coveralls * Depends on vulnerable versions of request node_modules/coveralls less 1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3 Depends on vulnerable versions of request node_modules/sails-hook-grunt/node_modules/less grunt-contrib-less 0.6.0 - 0.12.0 || 1.0.1 - 1.3.0 Depends on vulnerable versions of less node_modules/sails-hook-grunt/node_modules/grunt-contrib-less request-promise-core * Depends on vulnerable versions of request node_modules/request-promise-core request-promise-native >=1.0.0 Depends on vulnerable versions of request Depends on vulnerable versions of request-promise-core node_modules/request-promise-native trim-newlines <3.0.1 Severity: high Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/trim-newlines meow 3.4.0 - 5.0.0 Depends on vulnerable versions of trim-newlines node_modules/sails-hook-grunt/node_modules/meow websocket-extensions <0.1.4 Severity: high Regular Expression Denial of Service in websocket-extensions (NPM package) - https://github.com/advisories/GHSA-g78m-2chm-r7qv fix available via `npm audit fix` node_modules/sails-hook-grunt/node_modules/websocket-extensions 57 vulnerabilities (3 low, 12 moderate, 22 high, 20 critical) To address issues that do not require attention, run: npm audit fix To address all issues possible (including breaking changes), run: npm audit fix --force Some issues need review, and may require choosing a different dependency.
Editor is loading...