Bump actions/cache from 3.3.1 to 4.1.1 #8145
Annotations
10 errors and 1 warning
|
Audit dependencies
Security advisory:
Title: qs vulnerable to Prototype Pollution
Module name: qs
Dependency: node-libcurl
Path: node-libcurl>node-gyp>request>qs
Severity: high
Details: https://github.com/advisories/GHSA-hrpp-h998-j3pp
|
|
Audit dependencies
Security advisory:
Title: tough-cookie Prototype Pollution vulnerability
Module name: tough-cookie
Dependency: node-libcurl
Path: node-libcurl>node-gyp>request>tough-cookie
Severity: moderate
Details: https://github.com/advisories/GHSA-72xf-g2v4-qvf3
|
|
Audit dependencies
Security advisory:
Title: qs vulnerable to Prototype Pollution
Module name: qs
Dependency: express
Path: express>qs
Severity: high
Details: https://github.com/advisories/GHSA-hrpp-h998-j3pp
|
|
Audit dependencies
Security advisory:
Title: send vulnerable to template injection that can lead to XSS
Module name: send
Dependency: express
Path: express>send
Severity: moderate
Details: https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
|
|
Audit dependencies
Security advisory:
Title: serve-static vulnerable to template injection that can lead to XSS
Module name: serve-static
Dependency: express
Path: express>serve-static
Severity: moderate
Details: https://github.com/advisories/GHSA-cm22-4g7w-348p
|
|
Audit dependencies
Security advisory:
Title: path-to-regexp outputs backtracking regular expressions
Module name: path-to-regexp
Dependency: express
Path: express>path-to-regexp
Severity: high
Details: https://github.com/advisories/GHSA-9wv6-86v2-598j
|
|
Audit dependencies
Security advisory:
Title: Command Injection in moment-timezone
Module name: moment-timezone
Dependency: moment-timezone
Path: moment-timezone
Severity: low
Details: https://github.com/advisories/GHSA-56x4-j7p9-fcf9
|
|
Audit dependencies
Security advisory:
Title: Cleartext Transmission of Sensitive Information in moment-timezone
Module name: moment-timezone
Dependency: moment-timezone
Path: moment-timezone
Severity: moderate
Details: https://github.com/advisories/GHSA-v78c-4p63-2j6c
|
|
Audit dependencies
Security advisory:
Title: json-schema is vulnerable to Prototype Pollution
Module name: json-schema
Dependency: node-libcurl
Path: node-libcurl>node-gyp>request>http-signature>jsprim>json-schema
Severity: critical
Details: https://github.com/advisories/GHSA-896r-f27r-55mw
|
|
Audit dependencies
Security advisory:
Title: Moment.js vulnerable to Inefficient Regular Expression Complexity
Module name: moment
Dependency: moment
Path: moment
Severity: high
Details: https://github.com/advisories/GHSA-wc69-rhjr-hc9g
|
|
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c, actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8, nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|
Loading