shipped wheels and PyPI tarballs fail npm audit #410

Open
bnavigator opened this issue Jul 13, 2024 · 0 comments

# npm audit report

braces  <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix`
node_modules/braces

express  <4.19.2
Severity: moderate
Express.js Open Redirect in malformed URLs - https://github.com/advisories/GHSA-rv95-896h-c2vc
fix available via `npm audit fix`
node_modules/express
  @verdaccio/middleware  <=7.0.0-next-7.15
  Depends on vulnerable versions of @verdaccio/config
  Depends on vulnerable versions of @verdaccio/core
  Depends on vulnerable versions of @verdaccio/url
  Depends on vulnerable versions of @verdaccio/utils
  Depends on vulnerable versions of express
  node_modules/@verdaccio/middleware
    verdaccio  <=5.31.0 || 6.0.0-6-next.21 - 7.0.0-next-7.15
    Depends on vulnerable versions of @verdaccio/config
    Depends on vulnerable versions of @verdaccio/core
    Depends on vulnerable versions of @verdaccio/logger-7
    Depends on vulnerable versions of @verdaccio/middleware
    Depends on vulnerable versions of @verdaccio/tarball
    Depends on vulnerable versions of @verdaccio/url
    Depends on vulnerable versions of @verdaccio/utils
    Depends on vulnerable versions of express
    Depends on vulnerable versions of request
    Depends on vulnerable versions of semver
    Depends on vulnerable versions of verdaccio-audit
    node_modules/verdaccio
  verdaccio-audit  0.0.2 - 12.0.0-next-7.15
  Depends on vulnerable versions of @verdaccio/config
  Depends on vulnerable versions of @verdaccio/core
  Depends on vulnerable versions of express
  node_modules/verdaccio-audit

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install @jupyterlab/buildutils@4.2.3, which is a breaking change
node_modules/got
  package-json  <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
    @jupyterlab/buildutils  0.9.0 - 4.0.0-rc.1
    Depends on vulnerable versions of package-json
    node_modules/@jupyterlab/buildutils

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/postcss

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
fix available via `npm audit fix`
node_modules/request

semver  <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/duplicate-package-checker-webpack-plugin/node_modules/semver
node_modules/make-dir/node_modules/semver
node_modules/package-json/node_modules/semver
node_modules/semver
  @verdaccio/core  <=6.0.0-6-next.72
  Depends on vulnerable versions of semver
  node_modules/@verdaccio/core
  node_modules/verdaccio-audit/node_modules/@verdaccio/core
    @verdaccio/config  <=6.0.0-6-next.72
    Depends on vulnerable versions of @verdaccio/core
    Depends on vulnerable versions of @verdaccio/utils
    Depends on vulnerable versions of yaml
    node_modules/@verdaccio/config
    node_modules/verdaccio-audit/node_modules/@verdaccio/config
    @verdaccio/logger-commons  <=6.0.0-6-next.40
    Depends on vulnerable versions of @verdaccio/core
    node_modules/@verdaccio/logger-commons
      @verdaccio/logger-7  <=6.0.0-6-next.17
      Depends on vulnerable versions of @verdaccio/logger-commons
      node_modules/@verdaccio/logger-7
    @verdaccio/tarball  <=11.0.0-6-next.41
    Depends on vulnerable versions of @verdaccio/core
    Depends on vulnerable versions of @verdaccio/url
    Depends on vulnerable versions of @verdaccio/utils
    node_modules/@verdaccio/tarball
    @verdaccio/url  <=11.0.0-6-next.38
    Depends on vulnerable versions of @verdaccio/core
    node_modules/@verdaccio/url
  @verdaccio/utils  <=6.0.0-6-next.40
  Depends on vulnerable versions of @verdaccio/core
  Depends on vulnerable versions of semver
  node_modules/@verdaccio/utils
  node_modules/verdaccio-audit/node_modules/@verdaccio/utils

tar  <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/tar

three  <0.125.0
Severity: high
Denial of service in three - https://github.com/advisories/GHSA-fq6p-x6j3-cmmq
fix available via `npm audit fix --force`
Will install three@0.166.1, which is a breaking change
node_modules/three

tough-cookie  <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
fix available via `npm audit fix`
node_modules/tough-cookie

webpack  5.0.0 - 5.75.0
Severity: critical
Cross-realm object access in Webpack 5 - https://github.com/advisories/GHSA-hc6q-2mpp-qw7j
fix available via `npm audit fix`
node_modules/webpack

word-wrap  <1.2.4
Severity: moderate
word-wrap vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-j8xg-fqg3-53r7
fix available via `npm audit fix`
node_modules/word-wrap

ws  7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/ws

yaml  2.0.0-5 - 2.2.1
Severity: high
Uncaught Exception in yaml - https://github.com/advisories/GHSA-f9xv-q969-pqx4
fix available via `npm audit fix`
node_modules/yaml

25 vulnerabilities (18 moderate, 6 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

Running audit fix and thus updating three and jupyterlab to a recent version does not let me build the wheel:

[   14s] Building wheels for collected packages: pythreejs
[   14s]   Building wheel for pythreejs (pyproject.toml): started
[   14s]   Running command Building wheel for pythreejs (pyproject.toml)
[   14s]   running bdist_wheel
[   14s]   running js
[   14s]   node_modules are up to date, skipping npm install!
...
[   15s]   > jupyter-threejs@2.4.1 build:bundles-prod
[   15s]   > webpack --mode production && node ./scripts/post-build.js
...
[   23s]   node:internal/process/promises:391
[   23s]       triggerUncaughtException(err, true /* fromPromise */);
[   23s]       ^
[   23s]
[   23s]   [Error: ENOENT: no such file or directory, lstat '/home/abuild/rpmbuild/BUILD/pythreejs-2.4.2/js/node_modules/three/build/three.min.js'] {
[   23s]     errno: -2,
[   23s]     code: 'ENOENT',
[   23s]     syscall: 'lstat',
[   23s]     path: '/home/abuild/rpmbuild/BUILD/pythreejs-2.4.2/js/node_modules/three/build/three.min.js'
[   23s]   }
[   23s]
[   23s]   Node.js v22.3.0
[   23s]   npm error code 1
[   23s]   npm error path /home/abuild/rpmbuild/BUILD/pythreejs-2.4.2/js
[   23s]   npm error command failed
[   23s]   npm error command sh -c npm run build:bundles-prod
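The report above is produced by running npm audit inside the checked-out js/ tree, which needs network access to the advisory database. When the question is whether a *shipped* artifact (the wheel or sdist on PyPI) bundles the flagged versions, it is often more useful to read the package-lock.json that travels inside the artifact and compare it offline against the ranges npm printed. The following is an added example written for this page, not code from the pythreejs project: it implements a small subset of npm's range syntax (only the `<`, `<=`, `A - B`, `||` and `*` forms that appear in the report, with prerelease tags ignored for comparison), walks a lockfile v2/v3 "packages" map, and can open a wheel as a zip to scan any package-lock.json it contains. The sample lockfile and wheel contents are constructed for the demonstration; the versions in them are not pythreejs's.

```python
"""Offline check of an npm lockfile (or every lockfile inside a wheel) against
known-vulnerable version ranges, e.g. the ones listed in the npm audit report above."""
import io
import json
import re
import zipfile

# Affected ranges copied from the npm audit report on this page (package -> range).
# Only the range forms npm printed there are understood by in_range() below.
ADVISORIES = {
    "braces": "<3.0.3",
    "express": "<4.19.2",
    "got": "<11.8.5",
    "postcss": "<8.4.31",
    "request": "*",
    "semver": "<=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1",
    "tar": "<6.2.1",
    "three": "<0.125.0",
    "tough-cookie": "<4.1.3",
    "webpack": "5.0.0 - 5.75.0",
    "word-wrap": "<1.2.4",
    "ws": "7.0.0 - 7.5.9",
    "yaml": "2.0.0-5 - 2.2.1",
}

_VER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(v):
    """Numeric core of a semver string as a comparable tuple.
    Simplification (an assumption of this example): prerelease and build tags are
    dropped, so '2.0.0-5' compares equal to '2.0.0'. Real npm ordering is stricter."""
    m = _VER.match(v.strip())
    if not m:
        raise ValueError(f"not a semver version: {v!r}")
    return tuple(int(x) for x in m.groups())


def in_range(version, spec):
    """True if `version` satisfies any '||'-separated clause of `spec`."""
    v = parse_version(version)
    for clause in spec.split("||"):
        clause = clause.strip()
        if clause == "*":                      # every version is affected
            return True
        if " - " in clause:                    # inclusive hyphen range "A - B"
            lo, hi = (parse_version(p) for p in clause.split(" - ", 1))
            if lo <= v <= hi:
                return True
        elif clause.startswith("<="):
            if v <= parse_version(clause[2:]):
                return True
        elif clause.startswith("<"):
            if v < parse_version(clause[1:]):
                return True
        else:
            raise ValueError(f"unsupported range syntax: {clause!r}")
    return False


def installed_packages(lock):
    """Yield (name, version) for each entry of a lockfile v2/v3 'packages' map.
    Keys look like 'node_modules/foo' or 'node_modules/bar/node_modules/foo';
    the package name is whatever follows the last 'node_modules/'."""
    for path, meta in lock.get("packages", {}).items():
        if not path:                           # "" is the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        if "version" in meta:
            yield name, meta["version"]


def audit_lock(lock, advisories=ADVISORIES):
    """Return sorted, de-duplicated (name, version, affected_range) findings."""
    hits = set()
    for name, version in installed_packages(lock):
        spec = advisories.get(name)
        if spec and in_range(version, spec):
            hits.add((name, version, spec))
    return sorted(hits)


def audit_wheel(wheel, advisories=ADVISORIES):
    """Scan every package-lock.json inside a wheel (a zip archive); `wheel` may be
    a path or a file-like object, as accepted by zipfile.ZipFile."""
    hits = set()
    with zipfile.ZipFile(wheel) as zf:
        for member in zf.namelist():
            if member.endswith("package-lock.json"):
                hits.update(audit_lock(json.loads(zf.read(member)), advisories))
    return sorted(hits)


# Constructed sample lockfile (hypothetical versions, not pythreejs's real lock).
SAMPLE_LOCK = {
    "name": "example-widget", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-widget", "version": "1.0.0"},
        "node_modules/three": {"version": "0.122.0"},                  # < 0.125.0
        "node_modules/semver": {"version": "7.5.1"},                   # 7.0.0 - 7.5.1
        "node_modules/make-dir/node_modules/semver": {"version": "7.6.0"},  # clean
        "node_modules/webpack": {"version": "5.76.0"},                 # clean
        "node_modules/ws": {"version": "7.5.9"},                       # 7.0.0 - 7.5.9
        "node_modules/request": {"version": "2.88.2"},                 # "*"
    },
}


def sample_wheel_bytes():
    """Build an in-memory zip shaped like a wheel that ships SAMPLE_LOCK under a
    labextension directory (constructed layout for the demo)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("example_widget/labextension/package-lock.json", json.dumps(SAMPLE_LOCK))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, version, spec in audit_wheel(sample_wheel_bytes()):
        print(f"{name}@{version} is inside affected range {spec}")
```

Point `audit_wheel()` at a downloaded .whl to see which of the audited packages the artifact actually carries; for an sdist, extract the tarball and pass the contained package-lock.json to `audit_lock()`. Because the range parser is deliberately minimal, it raises on syntax it does not know (`^`, `~`, `>=`) instead of silently passing a version, which is the safe failure mode for a gate like this.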