robertocarlosmedina/masrapt-api

Hi, this project of yours pulls in 181 open-source components and has 2 vulnerabilities; please take the trouble to upgrade

Closed this issue · 2 comments

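Detected that robertocarlosmedina/masrapt-api pulls in a total of 181 open-source components and has 2 vulnerabilities

Vulnerability title: validator.js security vulnerability
Vulnerable component: validator@10.11.0
Vulnerability ID: CVE-2021-3765
Vulnerability description: Validator.js is a string validator.
validator.js has a security vulnerability that stems from improper design or implementation during the code development of a network system or product.
Affected range: (∞, 13.7.0)
Minimum fixed version: 13.7.0
Path through which the vulnerable component is introduced: masrapt-api@1.0.0->sequelize@6.6.2->validator@10.11.0

There are also 2 more vulnerabilities; detailed report: https://mofeisec.com/jr?p=ie902d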

@Kwaiseec, would you mind explaining your issue more clearly, please?

Thanks in advance. We have already updated the outdated packages, following these commands from the Node.js documentation.

To update all packages to a new major version, install the npm-check-updates package globally.
npm install -g npm-check-updates

Then run it:
ncu -u

This will upgrade all the version hints in the package.json file, to dependencies and devDependencies, so npm can install the new major version.
You are now ready to run the update:
npm update

Official Docs: Update Node packages
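
The flagged validator@10.11.0 arrives through sequelize rather than being listed in package.json, so the resolved lockfile is the place to confirm that no copy below 13.7.0 remains after the update. The check below is an added example, not part of the original thread; the sample lockfile and the `example-lib` package are constructed.

```javascript
// Compare dotted numeric versions; returns -1, 0 or 1. Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every installed copy of `name` older than `fixedVersion` in a parsed
// package-lock.json. Handles the "packages" map (lockfileVersion 2/3, keyed by
// install path) and the nested "dependencies" tree (lockfileVersion 1).
function findVulnerable(lock, name, fixedVersion) {
  const hits = [];
  const check = (where, version) => {
    if (version && compareVersions(version, fixedVersion) < 0) hits.push({ path: where, version });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        check(path, meta.version);
      }
    }
  } else {
    const walk = (deps, trail) => {
      for (const [dep, meta] of Object.entries(deps || {})) {
        const here = trail.concat(dep);
        if (dep === name) check(here.join(' > '), meta.version);
        walk(meta.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample; for a real project pass the parsed package-lock.json instead.
const sampleLock = {
  packages: {
    '': { name: 'masrapt-api', version: '1.0.0' },
    'node_modules/sequelize': { version: '6.6.2' },
    'node_modules/validator': { version: '10.11.0' },
    'node_modules/example-lib/node_modules/validator': { version: '13.7.0' },
  },
};

console.log(findVulnerable(sampleLock, 'validator', '13.7.0'));
```

An empty result means every resolved copy of validator is at or above the minimum fixed version given in the report.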