Windows 10. audit fix and audit fix --force not working.
```text
# npm audit report
file-type 17.0.0 - 17.1.2
Severity: high
file-type vulnerable to Infinite Loop via malformed MKV file - GHSA-mhxj-85r3-2x55
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/astro-imagetools/node_modules/file-type
astro-imagetools *
Depends on vulnerable versions of file-type
Depends on vulnerable versions of imagetools-core
Depends on vulnerable versions of potrace
node_modules/astro-imagetools
sharp <0.30.5
Severity: moderate
sharp vulnerable to Command Injection in post-installation over build environment - GHSA-gp95-ppv5-3jc5
fix available via npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/imagetools-core/node_modules/sharp
imagetools-core <=3.0.2
Depends on vulnerable versions of sharp
node_modules/imagetools-core
xml2js <0.5.0
Severity: moderate
xml2js is vulnerable to prototype pollution - GHSA-776f-qx25-q3cc
fix available via npm audit fix
node_modules/xml2js
parse-bmfont-xml *
Depends on vulnerable versions of xml2js
node_modules/parse-bmfont-xml
load-bmfont >=1.1.0
Depends on vulnerable versions of parse-bmfont-xml
node_modules/load-bmfont
@jimp/core <=0.17.1 || 0.17.3--canary.1136.7f5f5d8.0 || 0.18.0--canary.1133.54bf269.0 - 0.18.0--canary.1135.911ed04.0
Depends on vulnerable versions of load-bmfont
node_modules/potrace/node_modules/@jimp/core
@jimp/custom <=0.17.0--canary.1131.af3cb94.0 || 0.17.3--canary.1136.7f5f5d8.0 || 0.18.0--canary.1133.54bf269.0 - 0.18.0--canary.1135.911ed04.0
Depends on vulnerable versions of @jimp/core
node_modules/potrace/node_modules/@jimp/custom
jimp >=0.3.6-alpha.5
Depends on vulnerable versions of @jimp/custom
Depends on vulnerable versions of @jimp/plugins
node_modules/potrace/node_modules/jimp
potrace >=2.1.2
Depends on vulnerable versions of jimp
node_modules/potrace
@jimp/plugin-print *
Depends on vulnerable versions of load-bmfont
node_modules/@jimp/plugin-print
@jimp/plugins *
Depends on vulnerable versions of @jimp/plugin-print
node_modules/@jimp/plugins
13 vulnerabilities (11 moderate, 2 high)
```
Hi @rowemoore,
I think this is related to astro-imagetools. The latest version is 0.9, so I can't imagine that a fix would be to downgrade.
I could be wrong, but the site is built as SSG, so the vulnerabilities are not exposed on the live site. Can you let me know how someone could exploit this?
Thanks for the report.
I will investigate whether I can find a fix for this.
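The report above shows why `npm audit fix --force` has nothing to do here: the vulnerable copies are nested (`node_modules/astro-imagetools/node_modules/file-type`, `node_modules/imagetools-core/node_modules/sharp`) or hoisted but only reachable through an intermediate package, and it is that intermediate package's declared semver range, not the root `package.json`, that pins them. The root project can still force a version with the `overrides` field of `package.json` (npm 8.3 and later), and the safe way to write it is scoped to the dependent, so the pin does not touch other, already fixed copies of the same package. The Node script below is an added example, not code from this issue or from the astro-imagetools project: it walks a lockfile v2/v3 `packages` map, flags installed copies matching an advisory list, works out which dependents resolve to each copy, and emits a scoped `overrides` object. The lockfile fragment, the dependency ranges and the advisory list are constructed for the example; only the package names, advisory ids and the sharp/xml2js fixed versions come from the report, and the file-type fixed version (17.1.3) is an assumption.

```javascript
"use strict";

// Constructed lockfile fragment (not the reporter's real package-lock.json).
// Only "version" and "dependencies" are read; ranges are illustrative.
const LOCK = {
  packages: {
    "": { name: "my-site", dependencies: { "astro-imagetools": "^0.9.0", "file-type": "^18.0.0" } },
    "node_modules/astro-imagetools": {
      version: "0.9.0",
      dependencies: { "file-type": "^17.0.0", "imagetools-core": "^3.0.2" },
    },
    // nested copy: the dependent pins an older major than the hoisted one
    "node_modules/astro-imagetools/node_modules/file-type": { version: "17.1.2" },
    "node_modules/file-type": { version: "18.0.0" },
    "node_modules/imagetools-core": { version: "3.0.2", dependencies: { sharp: "^0.30.3" } },
    "node_modules/imagetools-core/node_modules/sharp": { version: "0.30.4" },
    "node_modules/parse-bmfont-xml": { version: "1.1.4", dependencies: { xml2js: "^0.4.5" } },
    // hoisted copy: installed at the top level, but only parse-bmfont-xml depends on it
    "node_modules/xml2js": { version: "0.4.23" },
  },
};

// Constructed advisory list. sharp/xml2js fixed versions are from the report;
// file-type's fixedIn is an assumption (the report shows the range 17.0.0 - 17.1.2).
const ADVISORIES = [
  { id: "GHSA-mhxj-85r3-2x55", name: "file-type", affectedFrom: "17.0.0", fixedIn: "17.1.3" },
  { id: "GHSA-gp95-ppv5-3jc5", name: "sharp", fixedIn: "0.30.5" },
  { id: "GHSA-776f-qx25-q3cc", name: "xml2js", fixedIn: "0.5.0" },
];

// "v1.2.3-beta" -> [1, 2, 3]; prerelease tags are ignored in this toy comparer.
function parseVersion(v) {
  return v.replace(/^v/, "").split("-")[0].split(".").map(Number);
}

// strcmp-style compare of two version strings.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

function isAffected(version, adv) {
  if (adv.affectedFrom && compareVersions(version, adv.affectedFrom) < 0) return false;
  return compareVersions(version, adv.fixedIn) < 0;
}

// Node-style resolution inside the lockfile: from `fromPath`, look for
// node_modules/<name> at that level, then at each ancestor level up to the root.
function resolveFrom(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// "node_modules/potrace/node_modules/@jimp/core" -> "@jimp/core"
function nameFromPath(p) {
  const key = "node_modules/";
  return p.slice(p.lastIndexOf(key) + key.length);
}

// Does `version` satisfy an exact or caret range? null for syntaxes not handled here.
function satisfies(range, version) {
  const m = /^(\^)?(\d+)\.(\d+)\.(\d+)$/.exec(range);
  if (!m) return null;
  if (!m[1]) return compareVersions(version, range) === 0;
  if (compareVersions(version, range.slice(1)) < 0) return false;
  const lo = [m[2], m[3], m[4]].map(Number), v = parseVersion(version);
  // ^1.2.3 allows <2.0.0, but ^0.2.3 only allows <0.3.0
  return lo[0] !== 0 ? v[0] === lo[0] : v[0] === 0 && v[1] === lo[1];
}

// Every installed copy an advisory affects, with the dependents that resolve to it.
function auditLock(lock, advisories) {
  const pkgs = lock.packages, findings = [];
  for (const [path, entry] of Object.entries(pkgs)) {
    if (!path) continue;
    const adv = advisories.find((a) => a.name === nameFromPath(path));
    if (!adv || !isAffected(entry.version, adv)) continue;
    const dependents = Object.entries(pkgs)
      .filter(([dp, de]) => de.dependencies && adv.name in de.dependencies
        && resolveFrom(pkgs, dp, adv.name) === path)
      .map(([dp, de]) => ({ path: dp, range: de.dependencies[adv.name] }));
    findings.push({ id: adv.id, name: adv.name, path, version: entry.version, fixedIn: adv.fixedIn, dependents });
  }
  return findings;
}

// package.json "overrides" keyed by dependent, plus a note per pin saying whether the
// fixed version falls outside the dependent's declared range (i.e. a breaking change).
function buildOverrides(findings) {
  const overrides = {}, notes = [];
  for (const f of findings) {
    for (const d of f.dependents) {
      const ok = satisfies(d.range, f.fixedIn);
      const dependent = d.path ? nameFromPath(d.path) : "(root)";
      notes.push({ name: f.name, dependent, fixedIn: f.fixedIn, breaking: ok === null ? "unknown" : !ok });
      if (!d.path) overrides[f.name] = f.fixedIn; // direct dependency: bump it in "dependencies" instead
      else overrides[dependent] = Object.assign(overrides[dependent] || {}, { [f.name]: f.fixedIn });
    }
  }
  return { overrides, notes };
}

const FINDINGS = auditLock(LOCK, ADVISORIES);
const RESULT = buildOverrides(FINDINGS);
console.log(JSON.stringify({ findings: FINDINGS, ...RESULT }, null, 2));
```

On the constructed input this leaves the hoisted `file-type@18.0.0` alone and produces `"overrides": { "astro-imagetools": { "file-type": "17.1.3" }, "imagetools-core": { "sharp": "0.30.5" }, "parse-bmfont-xml": { "xml2js": "0.5.0" } }`; the xml2js pin is marked breaking because `0.5.0` is outside the constructed `^0.4.5` range, which is the same situation npm describes when it insists on `--force`. After adding an override, run `npm install` and re-run `npm audit`, and test the build: an override only changes what gets installed, not whether the dependent works with the newer version. Note that the sharp advisory in the report concerns command injection during post-installation in the build environment, so a static (SSG) deployment does not remove that exposure; it moves it to whatever machine or CI runner executes `npm install`.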