Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update package version in express-cli.js #288

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update package version in express-cli.js #288

wants to merge 1 commit into from

Conversation

tonysan
Copy link

@tonysan tonysan commented Jan 3, 2021

pug, less-middleware, and hbs

SEMVER WARNING: Recommended action is a potentially breaking change
  Low             Regular Expression Denial of Service
  Package         clean-css
  Dependency of   pug
  Path            pug > pug-filters > clean-css
  More info       https://npmjs.com/advisories/785

                                 Manual Review
             Some vulnerabilities require your attention to resolve
          Visit https://go.npm.me/audit-guide for additional guidance

  Moderate        Prototype Pollution
  Package         hoek
  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3
  Dependency of   less-middleware
  Path            less-middleware > less > request > hawk > boom > hoek
  More info       https://npmjs.com/advisories/566

  Moderate        Prototype Pollution
  Package         hoek
  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3
  Dependency of   less-middleware
  Path            less-middleware > less > request > hawk > cryptiles > boom >
                  hoek
  More info       https://npmjs.com/advisories/566


  Moderate        Prototype Pollution
  Package         hoek
  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3
  Dependency of   less-middleware
  Path            less-middleware > less > request > hawk > hoek
  More info       https://npmjs.com/advisories/566


  Moderate        Prototype Pollution
  Package         hoek
  Patched in      > 4.2.0 < 5.0.0 || >= 5.0.3
  Dependency of   less-middleware
  Path            less-middleware > less > request > hawk > sntp > hoek
  More info       https://npmjs.com/advisories/566


  High            Insufficient Entropy
  Package         cryptiles
  Patched in      >=4.1.2
  Dependency of   less-middleware
  Path            less-middleware > less > request > hawk > cryptiles
  More info       https://npmjs.com/advisories/1464

# Run  npm install hbs@4.1.1  to resolve 5 vulnerabilities

  Low             Prototype Pollution
  Package         minimist
  Dependency of   hbs
  Path            hbs > handlebars > optimist > minimist
  More info       https://npmjs.com/advisories/1179

  Moderate        Denial of Service
  Package         handlebars
  Dependency of   hbs
  Path            hbs > handlebars
  More info       https://npmjs.com/advisories/1300

  High            Arbitrary Code Execution
  Package         handlebars
  Dependency of   hbs
  Path            hbs > handlebars
  More info       https://npmjs.com/advisories/1316

  High            Arbitrary Code Execution
  Package         handlebars
  Dependency of   hbs
  Path            hbs > handlebars
  More info       https://npmjs.com/advisories/1324

  High            Prototype Pollution
  Package         handlebars
  Dependency of   hbs
  Path            hbs > handlebars
  More info       https://npmjs.com/advisories/1325

@tonysan
Update express-cli.js
2c89493 
update package version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
deps pr
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tonysan @import-brain