Description
Following the instructions here - Build custom React components
Reports 5 moderate severity vulnerabilities - See npm audit report below.
❯ git clone https://github.com/tryretool/custom-component-collection-template new-custom-component
Cloning into 'new-custom-component'...
remote: Enumerating objects: 71, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 71 (delta 16), reused 12 (delta 12), pack-reused 44 (from 1)
Receiving objects: 100% (71/71), 358.94 KiB | 2.80 MiB/s, done.
Resolving deltas: 100% (26/26), done.
❯ cd new-custom-component
❯ npm install
npm WARN deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/[email protected]: Use @eslint/config-array instead
npm WARN deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/[email protected]: Use @eslint/object-schema instead
npm WARN deprecated [email protected]: This version is no longer supported. Please see https://eslint.org/version-support for other options.
added 376 packages, and audited 377 packages in 3s
128 packages are looking for funding
run npm fund for details
5 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit for details.
❯ npm audit fix
up to date, audited 377 packages in 758ms
128 packages are looking for funding
run npm fund for details
npm audit report
esbuild <=0.24.2
Severity: moderate
esbuild enables any website to send any requests to the development server and read the response - GHSA-67mh-4wv8-2f99
fix available via npm audit fix --force
Will install @tryretool/[email protected], which is a breaking change
node_modules/esbuild
@tryretool/custom-component-support *
Depends on vulnerable versions of esbuild
Depends on vulnerable versions of esbuild-sass-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of undici
node_modules/@tryretool/custom-component-support
esbuild-sass-plugin <=3.2.0
Depends on vulnerable versions of esbuild
node_modules/esbuild-sass-plugin
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - GHSA-7fh5-64p2-3v2j
fix available via npm audit fix --force
Will install @tryretool/[email protected], which is a breaking change
node_modules/@tryretool/custom-component-support/node_modules/postcss
undici 6.0.0 - 6.21.0
Severity: moderate
Undici vulnerable to data leak when using response.arrayBuffer() - GHSA-3g92-w8c5-73pq
Use of Insufficiently Random Values in undici - GHSA-c76h-2ccp-4975
fix available via npm audit fix --force
Will install @tryretool/[email protected], which is a breaking change
node_modules/undici
5 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force