This repository was archived by the owner on Oct 17, 2023. It is now read-only.
This repository was archived by the owner on Oct 17, 2023. It is now read-only.
npm audit reports multiple security vulnerabilities #100
Description
Found 16 vulnerabilities within 831 dependencies.
| Critical | High | Moderate | Low | Info |
|---|---|---|---|---|
| 0 | 10 | 6 | 0 | 0 |
Known vulnerabilities:
| Name | Package name | Severity | CVEs | Recommendation |
|---|---|---|---|---|
| Inefficient Regular Expression Complexity in chalk/ansi-regex | ansi-regex | moderate | CWE-918, CVE-2021-3807 | Upgrade to version 5.0.1 or later |
| Prototype Pollution in set-value | set-value | high | CWE-843, CVE-2021-23440 | Upgrade to version 4.0.1 or later |
Recommended actions:
| Package | Action | Target version | Major update | What to do |
|---|---|---|---|---|
| ansi-regex | update | 5.0.1 | npm update ansi-regex --depth 4 | |
| ansi-regex | review | Manual review | ||
| set-value | review | Manual review |
It seems that most of them are coming from hellosign-sdk > expect