Security Vulnerabilities (3)

Question

Security Vulnerabilities (3)

sumitridhal opened this issue 3 years ago · 0 comments

Improper Certificate Validation in xmlhttprequest-ssl
Package xmlhttprequest-ssl
Patched in >=1.6.1
Path: spandx > browser-sync > socket.io-client > engine.io-client > xmlhttprequest-ssl
spandx > browser-sync > socket.io > socket.io-client > engine.io-client > xmlhttprequest-ssl
More Info: https://www.npmjs.com/advisories/1005175

Prototype Pollution in lodash
Package: lodash
Patched in: >=4.17.12
Path: spandx > browser-sync > easy-extender > lodash
More info: https://www.npmjs.com/advisories/1006231

Insufficient Entropy in cryptiles
Package :cryptiles
Patched in : >=4.1.2
Path: spandx > browser-sync > localtunnel > request > hawk > cryptiles
More info │ https://www.npmjs.com/advisories/1006603

yarn --version
1.22.17

node --version
v16.13.0