Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: update cheerio and svgo to fix vulns #217

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: update cheerio and svgo to fix vulns #217

wants to merge 1 commit into from

Conversation

THATDONFC
Copy link

Reported by npm audit

cheerio 0.14.0 - 0.19.0
Depends on vulnerable versions of lodash
lodash <=4.17.18
Prototype Pollution - https://npmjs.com/advisories/1065
Prototype Pollution - https://npmjs.com/advisories/1523
Prototype Pollution - https://npmjs.com/advisories/577
Prototype Pollution - https://npmjs.com/advisories/782

svgo 0.4.2 - 1.0.5
Depends on vulnerable versions of js-yaml
js-yaml <=3.13.0
Denial of Service - https://npmjs.com/advisories/788
Code Injection - https://npmjs.com/advisories/813

@THATDONFC
fix: update cheerio and svgo to fix vulns
7d4af86 
Reported by npm audit

cheerio  0.14.0 - 0.19.0
  Depends on vulnerable versions of lodash
lodash  <=4.17.18
Prototype Pollution - https://npmjs.com/advisories/1065
Prototype Pollution - https://npmjs.com/advisories/1523
Prototype Pollution - https://npmjs.com/advisories/577
Prototype Pollution - https://npmjs.com/advisories/782

svgo  0.4.2 - 1.0.5
  Depends on vulnerable versions of js-yaml
js-yaml  <=3.13.0
Denial of Service - https://npmjs.com/advisories/788
Code Injection - https://npmjs.com/advisories/813
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@THATDONFC