I have installed this package with npm install, and my app with 0 vulnerabilities became a vulnerability powerhouse.
```
PS path> npm install iyzipay
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: This module moved to @hapi/sntp. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
npm WARN deprecated [email protected]: This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
npm WARN deprecated [email protected]: Use uuid module instead
npm WARN deprecated [email protected]: request has been deprecated, see request/request#3142
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: This module moved to @hapi/hawk. Please make sure to switch over as this distribution is no longer supported and may contain bugs and critical security issues.
added 64 packages, and audited 1036 packages in 6s
141 packages are looking for funding
run npm fund for details
11 vulnerabilities (3 moderate, 8 high)
Some issues need review, and may require choosing
a different dependency.
Run npm audit for details.
```
I'm using nestjs@latest at the time being, with Node.js 18 LTS.
Here is the npm audit result:
```
npm audit report
bl <1.2.3
Severity: moderate
Remote Memory Exposure in bl - GHSA-pp7h-53gx-mx7r
No fix available
node_modules/request/node_modules/bl
request *
Depends on vulnerable versions of bl
Depends on vulnerable versions of hawk
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
Depends on vulnerable versions of tunnel-agent
node_modules/request
iyzipay *
Depends on vulnerable versions of request
node_modules/iyzipay
hawk <=9.0.0
Severity: high
Uncontrolled Resource Consumption in Hawk - GHSA-44pw-h2cw-w3vq
Depends on vulnerable versions of boom
Depends on vulnerable versions of cryptiles
Depends on vulnerable versions of hoek
Depends on vulnerable versions of sntp
No fix available
node_modules/hawk
hoek <4.2.1
Severity: high
Prototype Pollution in hoek - GHSA-jp4x-w63m-7wgm
No fix available
node_modules/hoek
boom <=3.1.2
Depends on vulnerable versions of hoek
node_modules/boom
cryptiles <=2.0.5
Depends on vulnerable versions of boom
node_modules/cryptiles
sntp 0.0.0 || 0.1.1 - 2.0.0
Depends on vulnerable versions of hoek
node_modules/sntp
qs <6.2.4
Severity: high
qs vulnerable to Prototype Pollution - GHSA-hrpp-h998-j3pp
No fix available
node_modules/request/node_modules/qs
tough-cookie <=4.1.2
Severity: high
Regular Expression Denial of Service in tough-cookie - GHSA-g7q5-pjjr-gqvp
ReDoS via long string of semicolons in tough-cookie - GHSA-qhv9-728r-6jqg
tough-cookie Prototype Pollution vulnerability - GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie
tunnel-agent <0.6.0
Severity: moderate
Memory Exposure in tunnel-agent - GHSA-xc7v-wxcw-j472
No fix available
node_modules/request/node_modules/tunnel-agent
11 vulnerabilities (3 moderate, 8 high)
Some issues need review, and may require choosing
a different dependency.
```
I have installed the latest GitHub release as well:
```
npm install github:iyzico/iyzipay-node#v2.0.49
```
But the result is the same.