-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
vulnerabilities on install #3
Comments
Hi @rowemoore, I can be wrong, but the site is build in SSG, so the vulnerabilities are not exposed on the live site, can you let me know how someone could exploit this? Thanks for the report, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Windows 10. audit fix and audit fix --force not working.
`# npm audit report
file-type 17.0.0 - 17.1.2
Severity: high
file-type vulnerable to Infinite Loop via malformed MKV file - GHSA-mhxj-85r3-2x55
fix available via
npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/astro-imagetools/node_modules/file-type
astro-imagetools *
Depends on vulnerable versions of file-type
Depends on vulnerable versions of imagetools-core
Depends on vulnerable versions of potrace
node_modules/astro-imagetools
sharp <0.30.5
Severity: moderate
sharp vulnerable to Command Injection in post-installation over build environment - GHSA-gp95-ppv5-3jc5
fix available via
npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/imagetools-core/node_modules/sharp
imagetools-core <=3.0.2
Depends on vulnerable versions of sharp
node_modules/imagetools-core
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - GHSA-776f-qx25-q3cc
fix available via
npm audit fix
node_modules/xml2js
parse-bmfont-xml *
Depends on vulnerable versions of xml2js
node_modules/parse-bmfont-xml
load-bmfont >=1.1.0
Depends on vulnerable versions of parse-bmfont-xml
node_modules/load-bmfont
@jimp/core <=0.17.1 || 0.17.3--canary.1136.7f5f5d8.0 || 0.18.0--canary.1133.54bf269.0 - 0.18.0--canary.1135.911ed04.0
Depends on vulnerable versions of load-bmfont
node_modules/potrace/node_modules/@jimp/core
@jimp/custom <=0.17.0--canary.1131.af3cb94.0 || 0.17.3--canary.1136.7f5f5d8.0 || 0.18.0--canary.1133.54bf269.0 - 0.18.0--canary.1135.911ed04.0
Depends on vulnerable versions of @jimp/core
node_modules/potrace/node_modules/@jimp/custom
jimp >=0.3.6-alpha.5
Depends on vulnerable versions of @jimp/custom
Depends on vulnerable versions of @jimp/plugins
node_modules/potrace/node_modules/jimp
potrace >=2.1.2
Depends on vulnerable versions of jimp
node_modules/potrace
@jimp/plugin-print *
Depends on vulnerable versions of load-bmfont
node_modules/@jimp/plugin-print
@jimp/plugins *
Depends on vulnerable versions of @jimp/plugin-print
node_modules/@jimp/plugins
13 vulnerabilities (11 moderate, 2 high)
`
The text was updated successfully, but these errors were encountered: