security problem
grosfaignan opened this issue · 0 comments
Bug report
High vulnerability found:
Actual Behavior
```
PS C:\xampp\htdocs\symfony\webpackStartup> npm audit
=== npm audit security report ===
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Prototype Pollution in JSON5 via Parse Method
Package json5
Patched in >=1.0.2
Dependency of npm-install-webpack-plugin [dev]
Path npm-install-webpack-plugin > json5
More info https://github.com/advisories/GHSA-9c47-m6qq-7p4h
found 1 high severity vulnerability in 734 scanned packages
1 vulnerability requires manual review. See the full report for details.
```
$ npm audit fix
can't fix it
Expected Behavior
How Do We Reproduce?
$ npm install --save-dev npm-install-webpack-plugin
Please paste the results of npx webpack-cli info here, and mention other relevant information
```
OS: Windows 10 10.0.19044
CPU: (4) x64 Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Memory: 6.17 GB / 15.91 GB
Binaries:
Node: 14.17.5 - C:\Program Files\nodejs\node.EXE
npm: 6.14.14 - C:\Program Files\nodejs\npm.CMD
Browsers:
Edge: Spartan (44.19041.1266.0), Chromium (112.0.1722.46)
Internet Explorer: 11.0.19041.1566
Packages:
babel-loader: ^9.1.2 => 9.1.2
css-loader: ^6.7.3 => 6.7.3
eslint-webpack-plugin: ^4.0.0 => 4.0.0
html-webpack-plugin: ^5.5.0 => 5.5.0
less-loader: ^11.1.0 => 11.1.0
npm-install-webpack-plugin: ^4.0.5 => 4.0.5
postcss-loader: ^7.1.0 => 7.1.0
style-loader: ^3.3.2 => 3.3.2
terser-webpack-plugin: ^5.3.7 => 5.3.7
time-analytics-webpack-plugin: ^0.1.20 => 0.1.20
webpack: ^5.76.3 => 5.76.3
webpack-bundle-analyzer: ^4.8.0 => 4.8.0
webpack-cli: ^5.0.1 => 5.0.1
```