Recently I've updated our package to use the latest version of ng2-logger and running the npm audit on the resulting package-lock has revealed several vulnerabilities (I think primarily due to the underlying dependencies in tnp-core.) Is it possible to release a new version with the updated dependencies to resolve these vulnerabilities?
```
json5 2.0.0 - 2.2.1
Severity: high
Prototype Pollution in JSON5 via Parse Method - GHSA-9c47-m6qq-7p4h
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/ng2-logger/node_modules/json5
node_modules/tnp-core/node_modules/json5
ng2-logger 4.0.8 - 7.0.13 || >=8.0.4
Depends on vulnerable versions of json5
Depends on vulnerable versions of tnp-config
node_modules/ng2-logger
tnp-core <=0.0.60 || >=1.0.3
Depends on vulnerable versions of json5
Depends on vulnerable versions of lodash
Depends on vulnerable versions of moment
node_modules/tnp-core
tnp-config 0.0.35 - 0.0.89 || >=1.0.2
Depends on vulnerable versions of tnp-core
node_modules/tnp-config

lodash <=4.17.20
Severity: critical
Regular Expression Denial of Service (ReDoS) in lodash - GHSA-x5rq-j2xg-h7qm
Prototype Pollution in lodash - GHSA-fvqr-27wr-82fm
Prototype Pollution in lodash - GHSA-jf85-cpcp-j695
Prototype Pollution in lodash - GHSA-p6mc-m468-83gw
Command Injection in lodash - GHSA-35jh-r3h4-6jhm
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/tnp-core/node_modules/lodash
tnp-core <=0.0.60 || >=1.0.3
Depends on vulnerable versions of json5
Depends on vulnerable versions of lodash
Depends on vulnerable versions of moment
node_modules/tnp-core
tnp-config 0.0.35 - 0.0.89 || >=1.0.2
Depends on vulnerable versions of tnp-core
node_modules/tnp-config
ng2-logger 4.0.8 - 7.0.13 || >=8.0.4
Depends on vulnerable versions of json5
Depends on vulnerable versions of tnp-config
node_modules/ng2-logger

minimist <=0.2.3
Severity: critical
Prototype Pollution in minimist - GHSA-vh95-rmgr-6w4m
Prototype Pollution in minimist - GHSA-xvch-5gv4-984h
fix available via npm audit fix
node_modules/tnp-core/node_modules/mkdirp/node_modules/minimist
mkdirp 0.4.1 - 0.5.1
Depends on vulnerable versions of minimist
node_modules/tnp-core/node_modules/mkdirp

moment <=2.29.3
Severity: high
Path Traversal: 'dir/../../filename' in moment.locale - GHSA-8hfj-j24r-96c4
Moment.js vulnerable to Inefficient Regular Expression Complexity - GHSA-wc69-rhjr-hc9g
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/tnp-core/node_modules/moment
tnp-core <=0.0.60 || >=1.0.3
Depends on vulnerable versions of json5
Depends on vulnerable versions of lodash
Depends on vulnerable versions of moment
node_modules/tnp-core
tnp-config 0.0.35 - 0.0.89 || >=1.0.2
Depends on vulnerable versions of tnp-core
node_modules/tnp-config
ng2-logger 4.0.8 - 7.0.13 || >=8.0.4
Depends on vulnerable versions of json5
Depends on vulnerable versions of tnp-config
node_modules/ng2-logger

sync-exec *
Severity: moderate
Tmp files readable by other users in sync-exec - GHSA-38h8-x697-gh8q
fix available via npm audit fix
node_modules/sync-exec
copy-paste >=1.1.4
Depends on vulnerable versions of sync-exec
node_modules/copy-paste
```