Skip to content

(HOTFIX) mettre à jour / remplacer les librairies vulnérables

# npm audit report

body-parser  <1.20.3
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7
fix available via `npm audit fix`
node_modules/body-parser

elliptic  2.0.0 - 6.5.6
Elliptic's EDDSA missing signature length check - https://github.com/advisories/GHSA-f7q4-pwc6-w24p
Elliptic's ECDSA missing check for whether leading bit of r and s is zero - https://github.com/advisories/GHSA-977x-g7h5-7qgw
Elliptic allows BER-encoded signatures - https://github.com/advisories/GHSA-49q7-c7j4-3p7m
fix available via `npm audit fix`
node_modules/meteor-node-stubs/node_modules/elliptic

ip  *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
No fix available
node_modules/ip

lodash.set  *
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
No fix available
node_modules/lodash.set

micromatch  <4.0.8
Severity: moderate
Regular Expression Denial of Service (ReDoS) in micromatch - https://github.com/advisories/GHSA-952p-6rrq-rcjv
fix available via `npm audit fix`
node_modules/micromatch

path-to-regexp  0.2.0 - 1.8.0 || 2.0.0 - 3.2.0
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
fix available via `npm audit fix --force`
Will install serve@6.5.8, which is a breaking change
node_modules/path-to-regexp
node_modules/serve-handler/node_modules/path-to-regexp
  serve-handler  *
  Depends on vulnerable versions of path-to-regexp
  node_modules/serve-handler
    serve  >=7.0.0
    Depends on vulnerable versions of serve-handler
    node_modules/serve

quill  <=1.3.7
Severity: moderate
Cross-site Scripting in quill - https://github.com/advisories/GHSA-4943-9vgg-gr5r
No fix available
node_modules/quill
  quill-image-resize-module  *
  Depends on vulnerable versions of quill
  node_modules/quill-image-resize-module
  react-quill  >=0.0.3
  Depends on vulnerable versions of quill
  node_modules/react-quill

11 vulnerabilities (1 low, 4 moderate, 6 high)