mooch@basement2:~/p/electronWebGCS$ npm audit
# npm audit report
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix --force`
Will install electron-builder@23.4.0, which is a breaking change
node_modules/dir-compare/node_modules/minimatch
dir-compare <=2.4.0
Depends on vulnerable versions of minimatch
node_modules/dir-compare
@electron/universal 1.0.1 - 1.3.3
Depends on vulnerable versions of dir-compare
node_modules/@electron/universal
app-builder-lib 22.10.4 - 24.0.0-alpha.13
Depends on vulnerable versions of @electron/universal
node_modules/app-builder-lib
dmg-builder 22.10.4 - 24.0.0-alpha.13
Depends on vulnerable versions of app-builder-lib
node_modules/dmg-builder
electron-builder 19.25.0 || >=22.10.4
Depends on vulnerable versions of app-builder-lib
Depends on vulnerable versions of dmg-builder
Depends on vulnerable versions of simple-update-notifier
node_modules/electron-builder
minimist <=0.2.3 || 1.0.0 - 1.2.5
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m
fix available via `npm audit fix --force`
Will install leaflet-omnivore@0.3.0, which is a breaking change
node_modules/@mapbox/togeojson/node_modules/minimist
node_modules/optimist/node_modules/minimist
node_modules/static-module/node_modules/minimist
node_modules/togeojson/node_modules/minimist
node_modules/wellknown/node_modules/minimist
@mapbox/togeojson *
Depends on vulnerable versions of minimist
Depends on vulnerable versions of xmldom
node_modules/@mapbox/togeojson
optimist >=0.6.0
Depends on vulnerable versions of minimist
node_modules/optimist
csv2geojson 3.8.0 - 5.1.1
Depends on vulnerable versions of optimist
node_modules/csv2geojson
quote-stream <=1.0.0
Depends on vulnerable versions of minimist
node_modules/static-module/node_modules/quote-stream
togeojson >=0.4.0
Depends on vulnerable versions of minimist
Depends on vulnerable versions of xmldom
node_modules/togeojson
leaflet-omnivore >=0.3.1
Depends on vulnerable versions of brfs
Depends on vulnerable versions of csv2geojson
Depends on vulnerable versions of togeojson
Depends on vulnerable versions of wellknown
node_modules/leaflet-omnivore
wellknown 0.3.2 - 0.4.2
Depends on vulnerable versions of minimist
node_modules/wellknown
protobufjs 6.10.0 - 7.2.3
Severity: high
protobufjs Prototype Pollution vulnerability - https://github.com/advisories/GHSA-h755-8qp9-cq85
fix available via `npm audit fix`
node_modules/protobufjs
semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install eslint-plugin-compat@3.5.1, which is a breaking change
node_modules/@babel/core/node_modules/semver
node_modules/@babel/helper-compilation-targets/node_modules/semver
node_modules/@babel/helper-define-polyfill-provider/node_modules/semver
node_modules/@babel/preset-env/node_modules/semver
node_modules/@electron/get/node_modules/semver
node_modules/babel-plugin-polyfill-corejs2/node_modules/semver
node_modules/eslint-config-airbnb-base/node_modules/semver
node_modules/eslint-import-resolver-webpack/node_modules/semver
node_modules/eslint-plugin-import/node_modules/semver
node_modules/eslint-plugin-jsx-a11y/node_modules/semver
node_modules/eslint-plugin-react/node_modules/semver
node_modules/istanbul-lib-instrument/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/semver
node_modules/simple-update-notifier/node_modules/semver
eslint-plugin-compat >=3.6.0-0
Depends on vulnerable versions of semver
node_modules/eslint-plugin-compat
eslint-config-erb >=1.0.0-0
Depends on vulnerable versions of eslint-plugin-compat
node_modules/eslint-config-erb
simple-update-notifier 1.0.7 - 1.1.0
Depends on vulnerable versions of semver
node_modules/simple-update-notifier
static-eval <=2.0.1
Severity: high
Sandbox Breakout / Arbitrary Code Execution in static-eval - https://github.com/advisories/GHSA-x9hc-rw35-f44h
Sandbox Breakout / Arbitrary Code Execution in static-eval - https://github.com/advisories/GHSA-5mjw-6jrh-hvfq
fix available via `npm audit fix`
node_modules/static-eval
static-module <=1.5.0
Depends on vulnerable versions of quote-stream
Depends on vulnerable versions of static-eval
node_modules/static-module
brfs 1.1.0 - 1.4.3
Depends on vulnerable versions of static-module
node_modules/brfs
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/tough-cookie
word-wrap *
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap
optionator 0.8.3 - 0.9.1
Depends on vulnerable versions of word-wrap
node_modules/escodegen/node_modules/optionator
node_modules/optionator
xmldom *
Severity: critical
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-5fg8-2547-mr8q
Misinterpretation of malicious XML input - https://github.com/advisories/GHSA-h6q6-9hqw-rwfv
xmldom allows multiple root nodes in a DOM - https://github.com/advisories/GHSA-crh6-fp67-6883
fix available via `npm audit fix --force`
Will install leaflet-omnivore@0.3.0, which is a breaking change
node_modules/xmldom
26 vulnerabilities (8 moderate, 8 high, 10 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
too many vulnerabilities
I don't believe so. It seems like upgrading electron deps will fix a good amount of these. Been pretty busy at $dayjob the last couple of weeks, but I will probably tackle this soon.