Outdated dev dependencies #44

Open
tomymehdi opened this issue Oct 25, 2024 · 1 comment
Comments

@tomymehdi

│ high │ Uncontrolled resource consumption in braces │
│ Package │ braces │
│ Patched in │ >=3.0.3 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt-browserify > watchify > chokidar > │
│ │ anymatch > micromatch > braces │
│ More info │ https://www.npmjs.com/advisories/1098094

│ high │ Uncontrolled resource consumption in braces │
│ Package │ braces │
│ Patched in │ >=3.0.3 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt-browserify > watchify > anymatch > │
│ │ micromatch > braces │
│ More info │ https://www.npmjs.com/advisories/1098094

│ high │ Uncontrolled resource consumption in braces │
│ Package │ braces │
│ Patched in │ >=3.0.3 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt-browserify > watchify > chokidar > │
│ │ braces │
│ More info │ https://www.npmjs.com/advisories/1098094

│ high │ Prototype Pollution in JSON5 via Parse Method │
│ Package │ json5 │
│ Patched in │ >=1.0.2 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > babelify > babel-core > json5 │
│ More info │ https://www.npmjs.com/advisories/1096543

│ high │ Uncontrolled Resource Consumption in trim-newlines │
│ Package │ trim-newlines │
│ Patched in │ >=3.0.1 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > dateformat > meow > trim-newlines │
│ More info │ https://www.npmjs.com/advisories/1095100

│ critical │ Arbitrary Code Execution in underscore │
│ Package │ underscore │
│ Patched in │ >=1.12.1 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > js-yaml > argparse > underscore │
│ More info │ https://www.npmjs.com/advisories/1095097

│ high │ minimatch ReDoS vulnerability │
│ Package │ minimatch │
│ Patched in │ >=3.0.5 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > load-grunt-tasks > multimatch > minimatch │
│ More info │ https://www.npmjs.com/advisories/1096485

│ high │ minimatch ReDoS vulnerability │
│ Package │ minimatch │
│ Patched in │ >=3.0.5 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > glob > minimatch │
│ More info │ https://www.npmjs.com/advisories/1096485

│ high │ minimatch ReDoS vulnerability │
│ Package │ minimatch │
│ Patched in │ >=3.0.5 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > minimatch │
│ More info │ https://www.npmjs.com/advisories/1096485

│ high │ minimatch ReDoS vulnerability │
│ Package │ minimatch │
│ Patched in │ >=3.0.5 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > findup-sync > glob > minimatch │
│ More info │ https://www.npmjs.com/advisories/1096485

│ high │ Regular Expression Denial of Service in minimatch │
│ Package │ minimatch │
│ Patched in │ >=3.0.2 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > load-grunt-tasks > multimatch > minimatch │
│ More info │ https://www.npmjs.com/advisories/1093710

│ high │ Regular Expression Denial of Service in minimatch │
│ Package │ minimatch │
│ Patched in │ >=3.0.2 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > glob > minimatch │
│ More info │ https://www.npmjs.com/advisories/1093710

│ high │ Regular Expression Denial of Service in minimatch │
│ Package │ minimatch │
│ Patched in │ >=3.0.2 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > minimatch │
│ More info │ https://www.npmjs.com/advisories/1093710

│ high │ Regular Expression Denial of Service in minimatch │
│ Package │ minimatch │
│ Patched in │ >=3.0.2 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > findup-sync > glob > minimatch │
│ More info │ https://www.npmjs.com/advisories/1093710

│ critical │ Prototype pollution in getobject │
│ Package │ getobject │
│ Patched in │ >=1.0.0 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > grunt-legacy-util > getobject │
│ More info │ https://www.npmjs.com/advisories/1093420

│ critical │ Prototype pollution in getobject │
│ Package │ getobject │
│ Patched in │ >=1.0.0 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > getobject │
│ More info │ https://www.npmjs.com/advisories/1093420

│ high │ Race Condition in Grunt │
│ Package │ grunt │
│ Patched in │ >=1.5.3 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt │
│ More info │ https://www.npmjs.com/advisories/1091643

│ high │ Arbitrary Code Execution in grunt │
│ Package │ grunt │
│ Patched in │ >=1.3.0 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt │
│ More info │ https://www.npmjs.com/advisories/1089836

│ high │ Code Injection in js-yaml │
│ Package │ js-yaml │
│ Patched in │ >=3.13.1 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > js-yaml │
│ More info │ https://www.npmjs.com/advisories/1095058

│ critical │ Prototype Pollution in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.12 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > lodash │
│ More info │ https://www.npmjs.com/advisories/1097140

│ critical │ Prototype Pollution in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.12 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > grunt-legacy-util > lodash │
│ More info │ https://www.npmjs.com/advisories/1097140

│ critical │ Prototype Pollution in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.12 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > grunt-legacy-log > lodash │
│ More info │ https://www.npmjs.com/advisories/1097140

│ critical │ Prototype Pollution in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.12 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > grunt-legacy-log > │
│ │ grunt-legacy-log-utils > lodash │
│ More info │ https://www.npmjs.com/advisories/1097140

│ critical │ Prototype Pollution in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.12 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > findup-sync > lodash │
│ More info │ https://www.npmjs.com/advisories/1097140

│ high │ Command Injection in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.21 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > lodash │
│ More info │ https://www.npmjs.com/advisories/1096996

│ high │ Command Injection in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.21 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > grunt-legacy-util > lodash │
│ More info │ https://www.npmjs.com/advisories/1096996

│ high │ Command Injection in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.21 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > grunt-legacy-log > lodash │
│ More info │ https://www.npmjs.com/advisories/1096996

│ high │ Command Injection in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.21 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > grunt-legacy-log > │
│ │ grunt-legacy-log-utils > lodash │
│ More info │ https://www.npmjs.com/advisories/1096996

│ high │ Command Injection in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.21 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > findup-sync > lodash │
│ More info │ https://www.npmjs.com/advisories/1096996

│ high │ Prototype Pollution in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.11 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > lodash │
│ More info │ https://www.npmjs.com/advisories/1094499

│ high │ Prototype Pollution in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.11 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > grunt-legacy-util > lodash │
│ More info │ https://www.npmjs.com/advisories/1094499

│ high │ Prototype Pollution in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.11 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > grunt-legacy-log > lodash │
│ More info │ https://www.npmjs.com/advisories/1094499

│ high │ Prototype Pollution in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.11 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > grunt-legacy-log > │
│ │ grunt-legacy-log-utils > lodash │
│ More info │ https://www.npmjs.com/advisories/1094499

│ high │ Prototype Pollution in lodash │
│ Package │ lodash │
│ Patched in │ >=4.17.11 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > findup-sync > lodash │
│ More info │ https://www.npmjs.com/advisories/1094499

@mervick (Owner)

mervick commented Oct 25, 2024

Hello.
I wanted to note that the flagged dependencies are all dev dependencies and don't impact the production build since we’re distributing a compiled version of the project. This means any potential vulnerabilities in those packages won’t affect end users.

While it's not critical, we can still address these in the next development cycle to ensure the environment stays up-to-date.

[Screenshot from 2024-10-25 15-57-50]

@mervick mervick changed the title Critical and High Security Vulnerabilities with patches available Outdated dev dependencies Oct 25, 2024
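The triage question in this thread, whether each finding reaches the shipped artifact or only the build environment, can be answered mechanically from the report and the manifest. The script below is an added example and is not code from the aes-everywhere project: it parses the box-style text that `npm audit` prints (the format quoted in the issue), splits each `Path` into package names, and classifies a finding as `dev-only` or `runtime` by looking up the direct dependency (the second element of the path) in `devDependencies` or `dependencies`. The audit excerpt and the package.json in the block are constructed for the example; which of the real project's direct dependencies are dev-only is an assumption here, not taken from its manifest.

```javascript
// Added example, not code from the aes-everywhere project: parse the
// box-style report that `npm audit` prints and decide, per finding,
// whether the direct dependency it enters through is a devDependency of
// the root package.  The audit excerpt and the package.json below are
// constructed for the example; the real project's manifest is not read.

const SEVERITIES = new Set(["critical", "high", "moderate", "low", "info"]);

// Constructed excerpt in the same box format as the report in the issue.
const AUDIT_TEXT = `
│ critical │ Arbitrary Code Execution in underscore │
│ Package │ underscore │
│ Patched in │ >=1.12.1 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt > js-yaml > argparse > underscore │
│ More info │ https://www.npmjs.com/advisories/1095097

│ high │ Uncontrolled resource consumption in braces │
│ Package │ braces │
│ Patched in │ >=3.0.3 │
│ Dependency of │ aes-everywhere │
│ Path │ aes-everywhere > grunt-browserify > watchify > chokidar > │
│ │ anymatch > micromatch > braces │
│ More info │ https://www.npmjs.com/advisories/1098094
`;

// Constructed package.json (assumption: grunt and grunt-browserify are
// dev-only; the real manifest may differ).
const PACKAGE_JSON = {
  name: "aes-everywhere",
  dependencies: {},
  devDependencies: { grunt: "*", "grunt-browserify": "*" },
};

// Split the report into one record per box.  Rows look like
// "│ Key │ value │"; a row whose key cell is empty continues the
// previous cell (npm wraps long Path values that way).
function parseAuditText(text) {
  const findings = [];
  for (const block of text.split(/\n\s*\n/)) {
    const rows = block.split("\n").map((l) => l.trim()).filter(Boolean);
    if (rows.length === 0) continue;
    const rec = {};
    let lastField = null;
    for (const row of rows) {
      const cells = row
        .replace(/^│/, "")
        .replace(/│$/, "")
        .split("│")
        .map((c) => c.trim());
      const [key, value = ""] = cells;
      if (SEVERITIES.has(key)) {
        rec.severity = key;
        rec.title = value;
        lastField = "title";
      } else if (key === "") {
        if (lastField !== null) rec[lastField] += " " + value;
      } else {
        lastField = key.toLowerCase().replace(/\s+/g, "_"); // "Patched in" -> "patched_in"
        rec[lastField] = value;
      }
    }
    // "root > direct > ... > vulnerable" becomes an array of package names.
    rec.path = (rec.path || "").split(">").map((s) => s.trim()).filter(Boolean);
    findings.push(rec);
  }
  return findings;
}

// path[0] is the root package itself ("Dependency of"), so path[1] is the
// direct dependency that pulls the vulnerable package in.
function classifyFinding(finding, pkg) {
  const direct = finding.path[1];
  const runtime = Object.prototype.hasOwnProperty.call(pkg.dependencies || {}, direct);
  const dev = Object.prototype.hasOwnProperty.call(pkg.devDependencies || {}, direct);
  const scope = runtime ? "runtime" : dev ? "dev-only" : "unknown";
  return { ...finding, direct, scope };
}

function triage(text, pkg) {
  return parseAuditText(text).map((f) => classifyFinding(f, pkg));
}

// Count distinct advisories per scope, so several paths to the same
// advisory (as in the issue's report) are counted once.
function countAdvisoriesByScope(classified) {
  const seen = {};
  for (const f of classified) {
    if (!seen[f.scope]) seen[f.scope] = new Set();
    seen[f.scope].add(f.more_info);
  }
  return Object.fromEntries(Object.entries(seen).map(([k, v]) => [k, v.size]));
}

const TRIAGED = triage(AUDIT_TEXT, PACKAGE_JSON);
for (const f of TRIAGED) {
  console.log(`${f.severity.padEnd(8)} ${f.package.padEnd(12)} via ${f.direct.padEnd(18)} ${f.scope}`);
}
console.log(countAdvisoriesByScope(TRIAGED));
```

Run it with `node` on a file that contains the block; for a real project, replace `AUDIT_TEXT` with the saved output of `npm audit` and `PACKAGE_JSON` with `require("./package.json")`. Recent npm can do the same filtering natively with `npm audit --omit=dev`, which is the quickest check that nothing in the runtime dependency set is affected. The classification only says whether a package ships to end users: a `dev-only` finding in a build tool still executes on the maintainer's machine and in CI, so a code-execution advisory in that scope is a supply-chain concern for the project itself even when it is not one for consumers of the compiled bundle.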