-
Notifications
You must be signed in to change notification settings - Fork 9
/
yarn-audit-issues-result
32 lines (32 loc) · 12.5 KB
/
yarn-audit-issues-result
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
{"type":"auditSummary","data":{"value":"ajv","children":{"ID":1089034,"Issue":"Prototype Pollution in Ajv","URL":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw","Severity":"moderate","Vulnerable Versions":"<6.12.3","Tree Versions":["4.11.8"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"cryptiles","children":{"ID":"cryptiles (deprecation)","Issue":"This module has moved and is now available at @hapi/cryptiles. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.","Severity":"moderate","Vulnerable Versions":"4.1.3","Tree Versions":["4.1.3"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"flat","children":{"ID":1089152,"Issue":"flat vulnerable to Prototype Pollution","URL":"https://github.com/advisories/GHSA-2j2x-2gpw-g8fm","Severity":"critical","Vulnerable Versions":"<5.0.1","Tree Versions":["4.1.1"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"formidable","children":{"ID":"formidable (deprecation)","Issue":"Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau","Severity":"moderate","Vulnerable Versions":"1.2.6","Tree Versions":["1.2.6"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"loadsh","children":{"ID":"loadsh (deprecation)","Issue":"This is a typosquat on the popular Lodash package. This is not maintained nor is the original Lodash package.","Severity":"moderate","Vulnerable Versions":"0.0.3","Tree Versions":["0.0.3"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"puppeteer","children":{"ID":"puppeteer (deprecation)","Issue":"< 21.5.0 is no longer supported","Severity":"moderate","Vulnerable Versions":"5.5.0","Tree Versions":["5.5.0"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"request","children":{"ID":1092972,"Issue":"Server-Side Request Forgery in Request","URL":"https://github.com/advisories/GHSA-p8p7-x288-28g6","Severity":"moderate","Vulnerable Versions":"<=2.88.2","Tree Versions":["2.88.2"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"request-promise-native","children":{"ID":"request-promise-native (deprecation)","Issue":"request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142","Severity":"moderate","Vulnerable Versions":"1.0.9","Tree Versions":["1.0.9"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"sinon","children":{"ID":"sinon (deprecation)","Issue":"16.1.1","Severity":"moderate","Vulnerable Versions":"2.4.1","Tree Versions":["2.4.1"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"stryker","children":{"ID":"stryker (deprecation)","Issue":"Stryker v1 is released, but you're still using a 0.x version. This version is no longer maintained. Please use @stryker-mutator/core. See https://stryker-mutator.io/blog/2019-02-13/announcing-stryker-1-0 for the full migration guide.","Severity":"moderate","Vulnerable Versions":"0.35.1","Tree Versions":["0.35.1"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"stryker-api","children":{"ID":"stryker-api (deprecation)","Issue":"Stryker v1 is released, but you're still using a 0.x version. This version is no longer maintained. Please use @stryker-mutator/core. See https://stryker-mutator.io/blog/2019-02-13/announcing-stryker-1-0 for the full migration guide.","Severity":"moderate","Vulnerable Versions":"0.16.1","Tree Versions":["0.16.1"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"stryker-html-reporter","children":{"ID":"stryker-html-reporter (deprecation)","Issue":"Stryker v1 is released, but you're still using a 0.x version. This version is no longer maintained. Please use @stryker-mutator/html-reporter. See https://stryker-mutator.io/blog/2019-02-13/announcing-stryker-1-0 for the full migration guide.","Severity":"moderate","Vulnerable Versions":"0.13.3","Tree Versions":["0.13.3"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"stryker-javascript-mutator","children":{"ID":"stryker-javascript-mutator (deprecation)","Issue":"Stryker v1 is released, but you're still using a 0.x version. This version is no longer maintained. Please use @stryker-mutator/javascript-mutator. See https://stryker-mutator.io/blog/2019-02-13/announcing-stryker-1-0 for the full migration guide.","Severity":"moderate","Vulnerable Versions":"0.6.3","Tree Versions":["0.6.3"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"stryker-mocha-framework","children":{"ID":"stryker-mocha-framework (deprecation)","Issue":"Stryker v1 is released, but you're still using a 0.x version. This version is no longer maintained. Please use @stryker-mutator/mocha-framework. See https://stryker-mutator.io/blog/2019-02-13/announcing-stryker-1-0 for the full migration guide.","Severity":"moderate","Vulnerable Versions":"0.9.2","Tree Versions":["0.9.2"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"superagent","children":{"ID":"superagent (deprecation)","Issue":"Please upgrade to v7.0.2+ of superagent. We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing. See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>.","Severity":"moderate","Vulnerable Versions":"5.2.1","Tree Versions":["5.2.1"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditSummary","data":{"value":"uuid","children":{"ID":"uuid (deprecation)","Issue":"Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.","Severity":"moderate","Vulnerable Versions":"3.4.0","Tree Versions":["3.4.0"],"Dependents":["divorce-frontend@workspace:."]}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"ajv","children":{"ID":1089034,"Issue":"Prototype Pollution in Ajv","URL":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw","Severity":"moderate","Vulnerable Versions":"<6.12.3","Tree Versions":["4.11.8"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"cryptiles","children":{"ID":"cryptiles (deprecation)","Issue":"This module has moved and is now available at @hapi/cryptiles. Please update your dependencies as this version is no longer maintained an may contain bugs and security issues.","Severity":"moderate","Vulnerable Versions":"4.1.3","Tree Versions":["4.1.3"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"flat","children":{"ID":1089152,"Issue":"flat vulnerable to Prototype Pollution","URL":"https://github.com/advisories/GHSA-2j2x-2gpw-g8fm","Severity":"critical","Vulnerable Versions":"<5.0.1","Tree Versions":["4.1.1"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"formidable","children":{"ID":"formidable (deprecation)","Issue":"Please upgrade to latest, formidable@v2 or formidable@v3! Check these notes: https://bit.ly/2ZEqIau","Severity":"moderate","Vulnerable Versions":"1.2.6","Tree Versions":["1.2.6"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"loadsh","children":{"ID":"loadsh (deprecation)","Issue":"This is a typosquat on the popular Lodash package. This is not maintained nor is the original Lodash package.","Severity":"moderate","Vulnerable Versions":"0.0.3","Tree Versions":["0.0.3"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"puppeteer","children":{"ID":"puppeteer (deprecation)","Issue":"< 21.5.0 is no longer supported","Severity":"moderate","Vulnerable Versions":"5.5.0","Tree Versions":["5.5.0"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"request","children":{"ID":1092972,"Issue":"Server-Side Request Forgery in Request","URL":"https://github.com/advisories/GHSA-p8p7-x288-28g6","Severity":"moderate","Vulnerable Versions":"<=2.88.2","Tree Versions":["2.88.2"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"request-promise-native","children":{"ID":"request-promise-native (deprecation)","Issue":"request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142","Severity":"moderate","Vulnerable Versions":"1.0.9","Tree Versions":["1.0.9"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"sinon","children":{"ID":"sinon (deprecation)","Issue":"16.1.1","Severity":"moderate","Vulnerable Versions":"2.4.1","Tree Versions":["2.4.1"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"stryker","children":{"ID":"stryker (deprecation)","Issue":"Stryker v1 is released, but you're still using a 0.x version. This version is no longer maintained. Please use @stryker-mutator/core. See https://stryker-mutator.io/blog/2019-02-13/announcing-stryker-1-0 for the full migration guide.","Severity":"moderate","Vulnerable Versions":"0.35.1","Tree Versions":["0.35.1"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"stryker-api","children":{"ID":"stryker-api (deprecation)","Issue":"Stryker v1 is released, but you're still using a 0.x version. This version is no longer maintained. Please use @stryker-mutator/core. See https://stryker-mutator.io/blog/2019-02-13/announcing-stryker-1-0 for the full migration guide.","Severity":"moderate","Vulnerable Versions":"0.16.1","Tree Versions":["0.16.1"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"stryker-html-reporter","children":{"ID":"stryker-html-reporter (deprecation)","Issue":"Stryker v1 is released, but you're still using a 0.x version. This version is no longer maintained. Please use @stryker-mutator/html-reporter. See https://stryker-mutator.io/blog/2019-02-13/announcing-stryker-1-0 for the full migration guide.","Severity":"moderate","Vulnerable Versions":"0.13.3","Tree Versions":["0.13.3"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"stryker-javascript-mutator","children":{"ID":"stryker-javascript-mutator (deprecation)","Issue":"Stryker v1 is released, but you're still using a 0.x version. This version is no longer maintained. Please use @stryker-mutator/javascript-mutator. See https://stryker-mutator.io/blog/2019-02-13/announcing-stryker-1-0 for the full migration guide.","Severity":"moderate","Vulnerable Versions":"0.6.3","Tree Versions":["0.6.3"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"stryker-mocha-framework","children":{"ID":"stryker-mocha-framework (deprecation)","Issue":"Stryker v1 is released, but you're still using a 0.x version. This version is no longer maintained. Please use @stryker-mutator/mocha-framework. See https://stryker-mutator.io/blog/2019-02-13/announcing-stryker-1-0 for the full migration guide.","Severity":"moderate","Vulnerable Versions":"0.9.2","Tree Versions":["0.9.2"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"superagent","children":{"ID":"superagent (deprecation)","Issue":"Please upgrade to v7.0.2+ of superagent. We have fixed numerous issues with streams, form-data, attach(), filesystem errors not bubbling up (ENOENT on attach()), and all tests are now passing. See the releases tab for more information at <https://github.com/visionmedia/superagent/releases>.","Severity":"moderate","Vulnerable Versions":"5.2.1","Tree Versions":["5.2.1"],"Dependents":["divorce-frontend@workspace:."]}}}}
{"type":"auditAdvisory","data":{"advisory":{"value":"uuid","children":{"ID":"uuid (deprecation)","Issue":"Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.","Severity":"moderate","Vulnerable Versions":"3.4.0","Tree Versions":["3.4.0"],"Dependents":["divorce-frontend@workspace:."]}}}}