(HOTFIX) mettre à jour / remplacer les librairies vulnérables
# npm audit report
body-parser <1.20.3
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7
fix available via `npm audit fix`
node_modules/body-parser
elliptic 2.0.0 - 6.5.6
Elliptic's EDDSA missing signature length check - https://github.com/advisories/GHSA-f7q4-pwc6-w24p
Elliptic's ECDSA missing check for whether leading bit of r and s is zero - https://github.com/advisories/GHSA-977x-g7h5-7qgw
Elliptic allows BER-encoded signatures - https://github.com/advisories/GHSA-49q7-c7j4-3p7m
fix available via `npm audit fix`
node_modules/meteor-node-stubs/node_modules/elliptic
ip *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
No fix available
node_modules/ip
lodash.set *
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
No fix available
node_modules/lodash.set
micromatch <4.0.8
Severity: moderate
Regular Expression Denial of Service (ReDoS) in micromatch - https://github.com/advisories/GHSA-952p-6rrq-rcjv
fix available via `npm audit fix`
node_modules/micromatch
path-to-regexp 0.2.0 - 1.8.0 || 2.0.0 - 3.2.0
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
fix available via `npm audit fix --force`
Will install serve@6.5.8, which is a breaking change
node_modules/path-to-regexp
node_modules/serve-handler/node_modules/path-to-regexp
serve-handler *
Depends on vulnerable versions of path-to-regexp
node_modules/serve-handler
serve >=7.0.0
Depends on vulnerable versions of serve-handler
node_modules/serve
quill <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill
quill-image-resize-module *
Depends on vulnerable versions of quill
node_modules/quill-image-resize-module
react-quill >=0.0.3
Depends on vulnerable versions of quill
node_modules/react-quill
11 vulnerabilities (1 low, 4 moderate, 6 high)