You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
npm audit fails with security vulnerability in axios dependency
STEPS TO REPRODUCE
$ npm i -S @inplayer-org/inplayer.js@3.12.0
npm WARN deprecated fingerprintjs2@2.1.4: Package has been renamed to @fingerprintjs/fingerprintjs. Install @fingerprintjs/fingerprintjs to get updates.
npm WARN deprecated axios@0.19.2: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410
added 69 packages, and audited 70 packages in 8s
12 packages are looking for funding
run `npm fund` for details
2 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
$ npm audit
# npm audit report
axios <=0.21.1
Severity: high
Incorrect Comparison in axios - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Server-Side Request Forgery in Axios - https://github.com/advisories/GHSA-4w2v-q235-vp99
fix available via `npm audit fix --force`
Will install @inplayer-org/inplayer.js@2.13.9, which is a breaking change
node_modules/axios
@inplayer-org/inplayer.js >=3.0.0-beta.0
Depends on vulnerable versions of axios
node_modules/@inplayer-org/inplayer.js
2 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
The text was updated successfully, but these errors were encountered:
$ npm audit
# npm audit report
axios <=0.21.1
Severity: high
Incorrect Comparison in axios - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Server-Side Request Forgery in Axios - https://github.com/advisories/GHSA-4w2v-q235-vp99
Depends on vulnerable versions of follow-redirects
fix available via `npm audit fix --force`
Will install @inplayer-org/inplayer.js@2.13.9, which is a breaking change
node_modules/axios
@inplayer-org/inplayer.js >=0.3.22
Depends on vulnerable versions of aws-iot-device-sdk
Depends on vulnerable versions of axios
node_modules/@inplayer-org/inplayer.js
follow-redirects <=1.14.7
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
fix available via `npm audit fix --force`
Will install @inplayer-org/inplayer.js@2.13.9, which is a breaking change
node_modules/follow-redirects
axios <=0.21.1
Depends on vulnerable versions of follow-redirects
node_modules/axios
@inplayer-org/inplayer.js >=0.3.22
Depends on vulnerable versions of aws-iot-device-sdk
Depends on vulnerable versions of axios
node_modules/@inplayer-org/inplayer.js
minimist <=1.2.5
Severity: high
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix --force`
Will install @inplayer-org/inplayer.js@2.13.9, which is a breaking change
node_modules/minimist
aws-iot-device-sdk *
Depends on vulnerable versions of minimist
node_modules/aws-iot-device-sdk
@inplayer-org/inplayer.js >=0.3.22
Depends on vulnerable versions of aws-iot-device-sdk
Depends on vulnerable versions of axios
node_modules/@inplayer-org/inplayer.js
5 high severity vulnerabilities
ACTUAL BEHAVIOR
npm audit fails with security vulnerability in axios dependency
STEPS TO REPRODUCE
The text was updated successfully, but these errors were encountered: