Bump the npm_and_yarn group with 20 updates #8393
Annotations
10 errors and 1 warning
Audit dependencies
Security advisory:
Title: qs vulnerable to Prototype Pollution
Module name: qs
Dependency: node-libcurl
Path: node-libcurl>node-gyp>request>qs
Severity: high
Details: https://github.com/advisories/GHSA-hrpp-h998-j3pp
|
Audit dependencies
Security advisory:
Title: tough-cookie Prototype Pollution vulnerability
Module name: tough-cookie
Dependency: node-libcurl
Path: node-libcurl>node-gyp>request>tough-cookie
Severity: moderate
Details: https://github.com/advisories/GHSA-72xf-g2v4-qvf3
|
Audit dependencies
Security advisory:
Title: cookie accepts cookie name, path, and domain with out of bounds characters
Module name: cookie
Dependency: express
Path: express>cookie
Severity: low
Details: https://github.com/advisories/GHSA-pxg6-pf52-xh8x
|
Audit dependencies
Security advisory:
Title: send vulnerable to template injection that can lead to XSS
Module name: send
Dependency: express
Path: express>serve-static>send
Severity: low
Details: https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
|
Audit dependencies
Security advisory:
Title: Unpatched `path-to-regexp` ReDoS in 0.1.x
Module name: path-to-regexp
Dependency: express
Path: express>path-to-regexp
Severity: moderate
Details: https://github.com/advisories/GHSA-rhx6-c78j-4q9w
|
Audit dependencies
Security advisory:
Title: json-schema is vulnerable to Prototype Pollution
Module name: json-schema
Dependency: node-libcurl
Path: node-libcurl>node-gyp>request>http-signature>jsprim>json-schema
Severity: critical
Details: https://github.com/advisories/GHSA-896r-f27r-55mw
|
Audit dependencies
Security advisory:
Title: Vercel ms Inefficient Regular Expression Complexity vulnerability
Module name: ms
Dependency: metalsmith-markdownit
Path: metalsmith-markdownit>debug>ms
Severity: moderate
Details: https://github.com/advisories/GHSA-w9mr-4mfr-499f
|
Audit dependencies
Security advisory:
Title: debug Inefficient Regular Expression Complexity vulnerability
Module name: debug
Dependency: metalsmith-markdownit
Path: metalsmith-markdownit>debug
Severity: high
Details: https://github.com/advisories/GHSA-9vvw-cc9w-f27h
|
Audit dependencies
Security advisory:
Title: debug Inefficient Regular Expression Complexity vulnerability
Module name: debug
Dependency: metalsmith-permalinks
Path: metalsmith-permalinks>debug
Severity: high
Details: https://github.com/advisories/GHSA-9vvw-cc9w-f27h
|
Audit dependencies
Security advisory:
Title: Regular Expression Denial of Service in debug
Module name: debug
Dependency: metalsmith-markdownit
Path: metalsmith-markdownit>debug
Severity: low
Details: https://github.com/advisories/GHSA-gxpj-cx7g-858c
|
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636