PS H:\GitHub\generate-subtitles> npm install
npm WARN deprecated [email protected]: Deprecated, use jstransformer
npm WARN deprecated [email protected]: Please update to at least constantinople 3.1.1
npm WARN deprecated [email protected]: Jade has been renamed to pug, please install the latest version of pug instead of jade
added 59 packages, removed 19 packages, changed 31 packages, and audited 292 packages in 4s
31 packages are looking for funding
run `npm fund` for details
13 vulnerabilities (2 low, 4 moderate, 3 high, 4 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
PS H:\GitHub\generate-subtitles> npm audit
# npm audit report
clean-css <4.1.11
Regular Expression Denial of Service in clean-css - https://github.com/advisories/GHSA-wxhq-pm8v-cw75
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/clean-css
jade >=0.30.0
Depends on vulnerable versions of clean-css
Depends on vulnerable versions of constantinople
Depends on vulnerable versions of transformers
node_modules/jade
constantinople <3.1.1
Severity: critical
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople - https://github.com/advisories/GHSA-4vmm-mhcq-4x9j
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/constantinople
debug <2.6.9
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
fix available via `npm audit fix --force`
Will install [email protected], which is outside the stated dependency range
node_modules/debug
body-parser <=1.18.1
Depends on vulnerable versions of debug
Depends on vulnerable versions of qs
node_modules/body-parser
morgan <=1.9.0
Depends on vulnerable versions of debug
node_modules/morgan
express <=4.17.2 || 5.0.0-alpha.1 - 5.0.0-alpha.7
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
Depends on vulnerable versions of qs
Depends on vulnerable versions of send
Depends on vulnerable versions of serve-static
fix available via `npm audit fix --force`
Will install [email protected], which is outside the stated dependency range
node_modules/express
mime <1.4.1
Severity: moderate
mime Regular Expression Denial of Service when mime lookup performed on untrusted user input - https://github.com/advisories/GHSA-wrvr-8mpx-r7pp
fix available via `npm audit fix --force`
Will install [email protected], which is outside the stated dependency range
node_modules/mime
send <=0.15.6
Depends on vulnerable versions of mime
node_modules/send
serve-static <=1.12.6
Depends on vulnerable versions of send
node_modules/serve-static
qs <=6.2.3 || 6.5.0 - 6.5.2
Severity: high
Prototype Pollution Protection Bypass in qs - https://github.com/advisories/GHSA-gqgv-6jq5-jjj9
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix --force`
Will install [email protected], which is outside the stated dependency range
node_modules/express/node_modules/qs
node_modules/qs
uglify-js <=2.5.0
Severity: critical
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-js - https://github.com/advisories/GHSA-34r7-q49f-h37c
Regular Expression Denial of Service in uglify-js - https://github.com/advisories/GHSA-c9f4-xj24-8jqx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/transformers/node_modules/uglify-js
transformers 2.0.0 - 3.0.1
Depends on vulnerable versions of uglify-js
node_modules/transformers
13 vulnerabilities (2 low, 4 moderate, 3 high, 4 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
SyntaxError: Unexpected identifier
at new Function (<anonymous>)
at exports.compile (H:\GitHub\generate-subtitles\node_modules\jade\lib\jade.js:171:8)
at exports.render (H:\GitHub\generate-subtitles\node_modules\jade\lib\jade.js:205:17)
at exports.renderFile [as engine] (H:\GitHub\generate-subtitles\node_modules\jade\lib\jade.js:233:13)
at View.render (H:\GitHub\generate-subtitles\node_modules\express\lib\view.js:135:8)
at tryRender (H:\GitHub\generate-subtitles\node_modules\express\lib\application.js:657:10)
at Function.render (H:\GitHub\generate-subtitles\node_modules\express\lib\application.js:609:3)
at ServerResponse.render (H:\GitHub\generate-subtitles\node_modules\express\lib\response.js:1039:7)
at H:\GitHub\generate-subtitles\app.js:133:7
at Layer.handle_error (H:\GitHub\generate-subtitles\node_modules\express\lib\router\layer.js:71:5)