7 critical vulnerabilities were reported after the changes in #5529
# npm audit report
ansi-regex 4.0.0 - 4.1.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/ganache-cli/node_modules/ansi-regex
elliptic <6.5.4
Severity: moderate
Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w
fix available via `npm audit fix`
node_modules/ganache-cli/node_modules/elliptic
glob-parent <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install karma-browserify@8.1.0, which is a breaking change
node_modules/watchify/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchify/node_modules/chokidar
node_modules/watchpack-chokidar2/node_modules/chokidar
watchify 3.0.0 - 3.11.1
Depends on vulnerable versions of chokidar
node_modules/watchify
karma-browserify 4.1.0 - 8.0.0
Depends on vulnerable versions of watchify
node_modules/karma-browserify
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/webpack
parse-path <5.0.0
Severity: high
Authorization Bypass in parse-path - https://github.com/advisories/GHSA-3j8f-xvm3-ffx4
fix available via `npm audit fix --force`
Will install lerna@6.0.0, which is a breaking change
node_modules/parse-path
parse-url <=8.0.0
Depends on vulnerable versions of parse-path
node_modules/parse-url
git-up <=6.0.0
Depends on vulnerable versions of parse-url
node_modules/git-up
git-url-parse 4.0.0 - 12.0.0
Depends on vulnerable versions of git-up
node_modules/git-url-parse
@lerna/github-client <=5.5.1
Depends on vulnerable versions of git-url-parse
node_modules/@lerna/github-client
@lerna/version 3.11.0 - 5.5.1 || 5.5.3
Depends on vulnerable versions of @lerna/github-client
node_modules/@lerna/version
@lerna/publish 3.11.0 - 5.5.1 || 5.5.3
Depends on vulnerable versions of @lerna/version
node_modules/@lerna/publish
lerna 3.11.0 - 5.5.1
Depends on vulnerable versions of @lerna/version
node_modules/lerna
parse-url <=8.0.0
Severity: critical
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url - https://github.com/advisories/GHSA-j9fq-vwqv-2fm2
Depends on vulnerable versions of parse-path
fix available via `npm audit fix --force`
Will install lerna@6.0.0, which is a breaking change
node_modules/parse-url
git-up <=6.0.0
Depends on vulnerable versions of parse-url
node_modules/git-up
git-url-parse 4.0.0 - 12.0.0
Depends on vulnerable versions of git-up
node_modules/git-url-parse
@lerna/github-client <=5.5.1
Depends on vulnerable versions of git-url-parse
node_modules/@lerna/github-client
@lerna/version 3.11.0 - 5.5.1 || 5.5.3
Depends on vulnerable versions of @lerna/github-client
node_modules/@lerna/version
@lerna/publish 3.11.0 - 5.5.1 || 5.5.3
Depends on vulnerable versions of @lerna/version
node_modules/@lerna/publish
lerna 3.11.0 - 5.5.1
Depends on vulnerable versions of @lerna/version
node_modules/lerna
y18n 4.0.0
Severity: high
Prototype Pollution in y18n - https://github.com/advisories/GHSA-c4w7-xm78-47vh
fix available via `npm audit fix`
node_modules/ganache-cli/node_modules/y18n
yargs-parser <=5.0.0
Severity: moderate
yargs-parser Vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-p9pc-299p-vxgp
No fix available
node_modules/solc/node_modules/yargs-parser
yargs 4.0.0-alpha1 - 7.0.0-alpha.3 || 7.1.1
Depends on vulnerable versions of yargs-parser
node_modules/solc/node_modules/yargs
solc 0.3.6 - 0.4.26
Depends on vulnerable versions of yargs
node_modules/solc
@ensdomains/ens *
Depends on vulnerable versions of solc
node_modules/@ensdomains/ens
22 vulnerabilities (5 moderate, 10 high, 7 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.