
Vulnerabilities #205

Open
tonai opened this issue Apr 24, 2024 · 0 comments

tonai commented Apr 24, 2024

After installing the codesandbox package I have some vulnerabilities in my project.
Here is the npm audit report:

# npm audit report

axios  <=0.27.2
Severity: high
Axios vulnerable to Server-Side Request Forgery - https://github.com/advisories/GHSA-4w2v-q235-vp99
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
Depends on vulnerable versions of follow-redirects
fix available via `npm audit fix --force`
Will install codesandbox@0.0.0, which is a breaking change
node_modules/axios
  codesandbox  >=1.0.0
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of pacote
  Depends on vulnerable versions of update-notifier
  node_modules/codesandbox

follow-redirects  <=1.15.5
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix --force`
Will install codesandbox@0.0.0, which is a breaking change
node_modules/axios/node_modules/follow-redirects

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix`
node_modules/codesandbox/node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/codesandbox/node_modules/package-json
    latest-version  0.2.0 - 5.1.0
    Depends on vulnerable versions of package-json
    node_modules/codesandbox/node_modules/latest-version
      update-notifier  0.2.0 - 5.1.0
      Depends on vulnerable versions of latest-version
      node_modules/codesandbox/node_modules/update-notifier

http-cache-semantics  <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix`
node_modules/make-fetch-happen/node_modules/http-cache-semantics
  make-fetch-happen  2.1.0 - 6.1.0
  Depends on vulnerable versions of http-cache-semantics
  node_modules/make-fetch-happen
    pacote  2.0.0 - 9.5.12
    Depends on vulnerable versions of cacache
    Depends on vulnerable versions of make-fetch-happen
    Depends on vulnerable versions of ssri
    node_modules/pacote

ssri  <=6.0.1
Severity: high
Regular Expression Denial of Service in ssri - https://github.com/advisories/GHSA-325j-24f4-qv5x
Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-vx3p-948g-6vhq
fix available via `npm audit fix`
node_modules/make-fetch-happen/node_modules/ssri
node_modules/ssri
  cacache  10.0.4 - 11.0.0 || 7.0.0 - 9.3.0
  Depends on vulnerable versions of ssri
  Depends on vulnerable versions of ssri
  node_modules/cacache
  node_modules/make-fetch-happen/node_modules/cacache

12 vulnerabilities (5 moderate, 7 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Is it possible to update the vulnerable packages?
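The report above shows that every finding is transitive: codesandbox pulls in axios (and through it follow-redirects), got (through update-notifier, latest-version and package-json) and pacote (through make-fetch-happen, cacache and ssri), and the only fix npm offers for the axios and follow-redirects chain is `npm audit fix --force`, which the report itself flags as a breaking change to `codesandbox@0.0.0`. When the direct dependency has no patched release, the usual workaround is an `overrides` block in package.json (npm 8.3 and later), which forces the whole tree onto patched versions of the transitive packages. The script below is an added example, not code from the issue author or the codesandbox project: it copies the vulnerable ranges printed in the report, implements a matcher for the subset of semver range syntax npm audit uses (comparators, hyphen ranges and `||`), and builds the `overrides` object while refusing any pin that is still inside a vulnerable range. The names `VULNERABLE_RANGES`, `isVulnerable` and `buildOverrides` are mine, the pinned versions in the usage at the bottom are hypothetical choices (the first version outside each range), and only plain `x.y.z` versions are supported.

```javascript
// Added example, not from the codesandbox project or the issue author.
// Checks candidate versions against the vulnerable ranges reported by `npm audit`
// before pinning them with an "overrides" block in package.json.

// Vulnerable ranges copied verbatim from the npm audit report in the issue.
const VULNERABLE_RANGES = {
  axios: '<=0.27.2',
  'follow-redirects': '<=1.15.5',
  got: '<11.8.5',
  'http-cache-semantics': '<4.1.1',
  ssri: '<=6.0.1',
  'make-fetch-happen': '2.1.0 - 6.1.0',
  pacote: '2.0.0 - 9.5.12',
  cacache: '10.0.4 - 11.0.0 || 7.0.0 - 9.3.0',
};

// "1.15.5" -> [1, 15, 5]. Assumption: plain x.y.z only, no pre-release or build tags.
function parseVersion(v) {
  const parts = v.trim().split('.').map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error(`unsupported version: ${v}`);
  }
  return parts;
}

// Numeric, component-wise comparison: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// One comparator such as "<=0.27.2"; a bare version means "exactly that version".
function satisfiesComparator(version, comparator) {
  const m = /^(>=|<=|>|<|=)?\s*(\d+\.\d+\.\d+)$/.exec(comparator.trim());
  if (!m) throw new Error(`unsupported comparator: ${comparator}`);
  const c = compareVersions(version, m[2]);
  switch (m[1] || '=') {
    case '>=': return c >= 0;
    case '<=': return c <= 0;
    case '>': return c > 0;
    case '<': return c < 0;
    default: return c === 0;
  }
}

// The range syntax npm audit prints: comparators ("<=0.27.2", ">=1.0.0 <2.0.0"),
// inclusive hyphen ranges ("2.1.0 - 6.1.0") and alternatives joined with "||".
function satisfiesRange(version, range) {
  return range.split('||').some((alt) => {
    const part = alt.trim();
    if (part === '' || part === '*') return true;
    const hyphen = part.split(/\s+-\s+/);
    if (hyphen.length === 2) {
      return satisfiesComparator(version, `>=${hyphen[0]}`) &&
        satisfiesComparator(version, `<=${hyphen[1]}`);
    }
    return part.split(/\s+/).every((cmp) => satisfiesComparator(version, cmp));
  });
}

// True when the given version of a package is inside the range the report flagged.
function isVulnerable(name, version) {
  const range = VULNERABLE_RANGES[name];
  if (range === undefined) return false; // package not mentioned in the report
  return satisfiesRange(version, range);
}

// Turn intended pins into the package.json "overrides" object, refusing any pin
// that would leave the package inside its vulnerable range.
function buildOverrides(pins) {
  const overrides = {};
  for (const [name, version] of Object.entries(pins)) {
    if (isVulnerable(name, version)) {
      throw new Error(
        `${name}@${version} is still inside vulnerable range ${VULNERABLE_RANGES[name]}`
      );
    }
    overrides[name] = version;
  }
  return overrides;
}

// Usage: hypothetical pins, each the first version just outside its reported range.
const proposedPins = {
  axios: '0.28.0',
  'follow-redirects': '1.15.6',
  got: '11.8.5',
  'http-cache-semantics': '4.1.1',
  ssri: '6.0.2',
};
console.log(JSON.stringify({ overrides: buildOverrides(proposedPins) }, null, 2));
```

Before copying the printed object into package.json, confirm each pinned version actually exists with `npm view <pkg> versions`, then run `npm install` and `npm audit` again to check that the flagged chains are gone, and `npm ls axios` (or any other pinned package) to confirm the tree resolved to the override. An override forces a version the dependency was not tested against, so run the codesandbox CLI against your project afterwards; if it breaks, the pin is too aggressive and the upstream update the issue asks for is the only clean fix.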
