Untitled
user_1459313
plain_text
2 years ago
15 kB
5
Indexable
##################
Finished! уН(ТДтН`)/
##################
added 1392 packages, and audited 1393 packages in 46s
34 packages are looking for funding
run `npm fund` for details
78 vulnerabilities (3 low, 15 moderate, 35 high, 25 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
csmm@las7:~/7-days-to-die-server-manager$ npm audit fix
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: 'csmm@2.2.0',
npm WARN EBADENGINE required: { node: '12' },
npm WARN EBADENGINE current: { node: 'v18.16.0', npm: '9.6.7' }
npm WARN EBADENGINE }
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated codecov@3.8.3: https://about.codecov.io/blog/codecov-uploader-deprecation-plan/
added 524 packages, removed 20 packages, changed 110 packages, and audited 1897 packages in 23s
92 packages are looking for funding
run `npm fund` for details
# npm audit report
acorn 5.5.0 - 5.7.3
Severity: high
Regular Expression Denial of Service in Acorn - https://github.com/advisories/GHSA-6chw-6frg-f759
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/acorn
ajv <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/ajv
node_modules/sails-hook-grunt/node_modules/eslint/node_modules/ajv
eslint 4.2.0 - 5.0.0-rc.0
Depends on vulnerable versions of ajv
node_modules/sails-hook-grunt/node_modules/eslint
ansi-regex 3.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/eslint/node_modules/ansi-regex
node_modules/sails-hook-grunt/node_modules/inquirer/node_modules/ansi-regex
node_modules/sails-hook-grunt/node_modules/string-width/node_modules/ansi-regex
async 2.0.0 - 2.6.3
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix --force`
Will install sails-mysql@3.0.1, which is a breaking change
node_modules/sails-hook-grunt/node_modules/grunt-contrib-watch/node_modules/async
node_modules/sails-mysql/node_modules/async
node_modules/sails-redis/node_modules/async
machinepack-redis <=2.0.6
Depends on vulnerable versions of async
Depends on vulnerable versions of machine
Depends on vulnerable versions of redis
node_modules/sails-redis/node_modules/machinepack-redis
sails-redis 1.0.0-0 - 1.0.0
Depends on vulnerable versions of machinepack-redis
node_modules/sails-redis
sails-mysql 1.0.0-1 - 3.0.0
Depends on vulnerable versions of async
Depends on vulnerable versions of machinepack-mysql
node_modules/sails-mysql
braces <=2.3.0
Regular Expression Denial of Service in braces - https://github.com/advisories/GHSA-g95f-p29q-9xw4
Regular Expression Denial of Service (ReDoS) in braces - https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
fix available via `npm audit fix`
node_modules/liftoff/node_modules/braces
micromatch 0.2.0 - 2.3.11
Depends on vulnerable versions of braces
Depends on vulnerable versions of parse-glob
node_modules/liftoff/node_modules/micromatch
findup-sync 0.4.0 - 1.0.0
Depends on vulnerable versions of micromatch
node_modules/liftoff/node_modules/findup-sync
liftoff 2.2.3 - 2.3.0
Depends on vulnerable versions of findup-sync
node_modules/liftoff
debug <=2.6.8
Severity: high
debug Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-9vvw-cc9w-f27h
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
Depends on vulnerable versions of ms
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/mocha/node_modules/debug
mocha 0.6.0 - 6.2.2 || 7.0.0-esm1 - 7.1.0
Depends on vulnerable versions of debug
Depends on vulnerable versions of diff
Depends on vulnerable versions of growl
Depends on vulnerable versions of mkdirp
node_modules/sails-hook-grunt/node_modules/mocha
diff <3.5.0
Severity: high
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-h6ch-v84p-w6p9
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/diff
ejs <3.1.7
Severity: critical
ejs template injection vulnerability - https://github.com/advisories/GHSA-phwq-j96m-2c2q
No fix available
node_modules/ejs
bull-board *
Depends on vulnerable versions of ejs
Depends on vulnerable versions of express
node_modules/bull-board
getobject 0.1.0
Severity: critical
Prototype pollution vulnerability in 'getobject' - https://github.com/advisories/GHSA-957j-59c2-j692
No fix available
node_modules/sails-hook-grunt/node_modules/getobject
grunt-legacy-util <=2.0.0
Depends on vulnerable versions of getobject
node_modules/sails-hook-grunt/node_modules/grunt-legacy-util
grunt <=1.5.2
Depends on vulnerable versions of grunt-legacy-util
node_modules/grunt
node_modules/sails-hook-grunt/node_modules/grunt
sails-hook-grunt *
Depends on vulnerable versions of babel-core
Depends on vulnerable versions of grunt
Depends on vulnerable versions of grunt-contrib-less
node_modules/sails-hook-grunt
glob-parent <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix`
node_modules/glob-base/node_modules/glob-parent
glob-base *
Depends on vulnerable versions of glob-parent
node_modules/glob-base
parse-glob >=2.1.0
Depends on vulnerable versions of glob-base
node_modules/parse-glob
growl <1.10.0
Severity: critical
Growl before 1.10.0 vulnerable to Command Injection - https://github.com/advisories/GHSA-qh2h-chj9-jffq
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/growl
hosted-git-info <2.8.9
Severity: moderate
Regular Expression Denial of Service in hosted-git-info - https://github.com/advisories/GHSA-43f8-2h32-f4cj
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/hosted-git-info
json-schema <0.4.0
Severity: critical
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/json-schema
jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1
Depends on vulnerable versions of json-schema
node_modules/sails-hook-grunt/node_modules/jsprim
json5 <1.0.2
Severity: high
Prototype Pollution in JSON5 via Parse Method - https://github.com/advisories/GHSA-9c47-m6qq-7p4h
No fix available
node_modules/sails-hook-grunt/node_modules/json5
babel-core 5.8.20 - 7.0.0-beta.3
Depends on vulnerable versions of babel-register
Depends on vulnerable versions of json5
node_modules/sails-hook-grunt/node_modules/babel-core
babel-register *
Depends on vulnerable versions of babel-core
node_modules/sails-hook-grunt/node_modules/babel-register
knex <=2.3.0
Severity: critical
SQL Injection in knex - https://github.com/advisories/GHSA-58v4-qwx5-7f59
Knex.js has a limited SQL injection vulnerability - https://github.com/advisories/GHSA-4jv9-3563-23j3
Depends on vulnerable versions of minimist
fix available via `npm audit fix --force`
Will install sails-mysql@3.0.1, which is a breaking change
node_modules/knex
waterline-sql-builder <=2.0.0
Depends on vulnerable versions of knex
node_modules/waterline-sql-builder
machinepack-mysql 1.0.0-1 || 2.0.0-1 - 4.0.0
Depends on vulnerable versions of waterline-sql-builder
node_modules/machinepack-mysql
lodash <=4.17.20
Severity: critical
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-4xc9-xhrj-v574
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
fix available via `npm audit fix --force`
Will install sails-redis@0.10.7, which is a breaking change
node_modules/sails-hook-grunt/node_modules/lodash
node_modules/sails-redis/node_modules/include-all/node_modules/lodash
node_modules/sails-redis/node_modules/rttc/node_modules/lodash
include-all 1.0.0 - 2.0.0
Depends on vulnerable versions of lodash
node_modules/sails-redis/node_modules/include-all
machine 1.3.1 - 15.0.0-24
Depends on vulnerable versions of include-all
Depends on vulnerable versions of rttc
node_modules/sails-redis/node_modules/machine
rttc <=10.0.0-5
Depends on vulnerable versions of lodash
node_modules/sails-redis/node_modules/rttc
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/minimatch
node_modules/sails-hook-grunt/node_modules/minimatch
minimist <=0.2.3 || 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix --force`
Will install sails-mysql@3.0.1, which is a breaking change
node_modules/knex/node_modules/minimist
node_modules/sails-hook-grunt/node_modules/minimist
node_modules/sails-hook-grunt/node_modules/mkdirp/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/sails-hook-grunt/node_modules/mkdirp
ms <2.0.0
Severity: moderate
Vercel ms Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-w9mr-4mfr-499f
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/mocha/node_modules/ms
passport <0.6.0
Severity: moderate
Passport before 0.6.0 vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69
fix available via `npm audit fix --force`
Will install passport@0.6.0, which is a breaking change
node_modules/passport
path-parse <1.0.7
Severity: moderate
Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/path-parse
qs 6.5.0 - 6.5.2 || 6.7.0 - 6.7.2
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
No fix available
node_modules/body-parser/node_modules/qs
node_modules/express/node_modules/qs
node_modules/sails-hook-grunt/node_modules/qs
body-parser 1.19.0
Depends on vulnerable versions of qs
node_modules/body-parser
express 4.17.0 - 4.17.1 || 5.0.0-alpha.1 - 5.0.0-alpha.8
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of qs
node_modules/express
redis 2.6.0 - 3.1.0
Severity: high
Node-Redis potential exponential regex in monitor mode - https://github.com/advisories/GHSA-35q2-47q7-3pc3
fix available via `npm audit fix --force`
Will install sails-redis@0.10.7, which is a breaking change
node_modules/@sailshq/connect-redis/node_modules/redis
node_modules/sails-redis/node_modules/redis
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
fix available via `npm audit fix --force`
Will install request-promise-native@0.0.0, which is a breaking change
node_modules/request
node_modules/sails-hook-grunt/node_modules/request
coveralls *
Depends on vulnerable versions of request
node_modules/coveralls
less 1.4.0-b1 - 2.6.1 || 2.7.2 - 3.11.3
Depends on vulnerable versions of request
node_modules/sails-hook-grunt/node_modules/less
grunt-contrib-less 0.6.0 - 0.12.0 || 1.0.1 - 1.3.0
Depends on vulnerable versions of less
node_modules/sails-hook-grunt/node_modules/grunt-contrib-less
request-promise-core *
Depends on vulnerable versions of request
node_modules/request-promise-core
request-promise-native >=1.0.0
Depends on vulnerable versions of request
Depends on vulnerable versions of request-promise-core
node_modules/request-promise-native
trim-newlines <3.0.1
Severity: high
Uncontrolled Resource Consumption in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/sails-hook-grunt/node_modules/meow
websocket-extensions <0.1.4
Severity: high
Regular Expression Denial of Service in websocket-extensions (NPM package) - https://github.com/advisories/GHSA-g78m-2chm-r7qv
fix available via `npm audit fix`
node_modules/sails-hook-grunt/node_modules/websocket-extensions
57 vulnerabilities (3 low, 12 moderate, 22 high, 20 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Editor is loading...