You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are currently 8 npm dependency issues that can't be resolved without breaking your project... please could you explore and remedy these as one is DoS.
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '[email protected]',
npm WARN EBADENGINE required: { node: '>=4.0.0', npm: '^2.0.0' },
npm WARN EBADENGINE current: { node: 'v12.22.12', npm: '7.5.2' }
npm WARN EBADENGINE }
up to date, audited 311 packages in 13s
38 packages are looking for funding
run `npm fund` for details
# npm audit report
ajv <6.12.3
Severity: moderate
Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/ajv
eslint 2.5.0 - 2.5.2 || 4.2.0 - 5.0.0-rc.0
Depends on vulnerable versions of ajv
Depends on vulnerable versions of table
node_modules/eslint
table 3.7.10 - 4.0.2
Depends on vulnerable versions of ajv
node_modules/table
lodash <=4.17.20
Severity: critical
Prototype Pollution in lodash - https://github.com/advisories/GHSA-jf85-cpcp-j695
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm
Prototype Pollution in lodash - https://github.com/advisories/GHSA-fvqr-27wr-82fm
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/request-promise/node_modules/lodash
request-promise 0.2.4 - 2.0.0
Depends on vulnerable versions of lodash
node_modules/request-promise
minimist <=1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix`
node_modules/minimist
optimist >=0.6.0
Depends on vulnerable versions of minimist
node_modules/optimist
node-static *
Severity: moderate
Denial of Service in node-static - https://github.com/advisories/GHSA-8r4g-cg4m-x23c
No fix available
node_modules/node-static
8 vulnerabilities (6 moderate, 2 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
The text was updated successfully, but these errors were encountered:
jackc94
changed the title
Fix nom dependency issues
Fix npm dependency issues
Aug 23, 2022
I've found that you can update the dependencies as below, and the plugin still works.
It doesn't resolve everything, but it resolves a lot.
I've written a script to update everything to the highest working versions.
Here's my working dependencies:
There are currently 8 npm dependency issues that can't be resolved without breaking your project... please could you explore and remedy these as one is DoS.
The text was updated successfully, but these errors were encountered: