SOHU-Co/kafka-node

Need to resolve vulnerabilities on snappy.

mma3069 opened this issue · 0 comments

Need to update snappy version:

As part of a Node.js version upgrade, we found there are a few vulnerabilities in snappy. We need to update snappy to the latest version.

Environment: Dev

  • Node version: 16
  • Kafka-node version: 5.0.0

Include Sample Code to reproduce behavior

npm audit

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\Users\XXXX\webStormWorkspace\FADFM-35912\fabric-loans-transactions-api> npm audit
npm WARN config global --global, --local are deprecated. Use --location=global instead.

npm audit report

simple-get < 4.0.1
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1. - https://huntr.dev/bounties/42c79c23-6646-46c4-871d-219c0d4b4e31,feross/simple-get@e4af095
fix available via npm audit fix
node_modules/simple-get
prebuild-install <=6.1.4
Depends on vulnerable versions of simple-get
node_modules/prebuild-install
snappy 6.1.0 - 6.3.5
Depends on vulnerable versions of prebuild-install
node_modules/snappy

3 high severity vulnerabilities

To address all issues, run:
npm audit fix