Giter Club home page Giter Club logo

antd-vue-template's People

Contributors

silverlovesl avatar

Watchers

avatar

antd-vue-template's Issues

PR - $PR_NUMBER

"auditAdvisory"
{"resolution":{"id":1064664,"path":"axios>follow-redirects","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.14.4","paths":["axios>follow-redirects"]}],"metadata":null,"vulnerable_versions":"<1.14.7","module_name":"follow-redirects","severity":"high","github_advisory_id":"GHSA-74fj-2j2h-c42q","cves":["CVE-2022-0155"],"access":"public","patched_versions":">=1.14.7","cvss":{"score":8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},"updated":"2022-01-11T18:41:09.000Z","recommendation":"Upgrade to version 1.14.7 or later","cwe":["CWE-359"],"found_by":null,"deleted":null,"id":1064664,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0155\n- follow-redirects/follow-redirects@8b347cbcef7c7b72a6e9be20f5710c17d6163c22\n- https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406\n- https://github.com/advisories/GHSA-74fj-2j2h-c42q","created":"2022-03-11T08:00:43.764Z","reported_by":null,"title":"Exposure of sensitive information in follow-redirects","npm_advisory_id":null,"overview":"follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-74fj-2j2h-c42q"}}
"auditAdvisory"
{"resolution":{"id":1065072,"path":"ant-design-style-sumamry>gulp>glob-watcher>chokidar>glob-parent","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"3.1.0","paths":["ant-design-style-sumamry>gulp>glob-watcher>chokidar>glob-parent"]}],"metadata":null,"vulnerable_versions":"<5.1.2","module_name":"glob-parent","severity":"high","github_advisory_id":"GHSA-ww39-953v-wcq6","cves":["CVE-2020-28469"],"access":"public","patched_versions":">=5.1.2","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-06-04T18:30:46.000Z","recommendation":"Upgrade to version 5.1.2 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1065072,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-28469\n- https://github.com/gulpjs/glob-parent/pull/36\n- https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9\n- https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092\n- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-ww39-953v-wcq6","created":"2022-03-11T08:00:43.824Z","reported_by":null,"title":"Regular expression denial of service","npm_advisory_id":null,"overview":"This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.","url":"https://github.com/advisories/GHSA-ww39-953v-wcq6"}}
"auditSummary"
{"vulnerabilities":{"info":0,"low":0,"moderate":3,"high":2,"critical":0},"dependencies":552,"devDependencies":0,"optionalDependencies":0,"totalDependencies":552}

PR-

"auditAdvisory"
{"resolution":{"id":1064664,"path":"axios>follow-redirects","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.14.4","paths":["axios>follow-redirects"]}],"metadata":null,"vulnerable_versions":"<1.14.7","module_name":"follow-redirects","severity":"high","github_advisory_id":"GHSA-74fj-2j2h-c42q","cves":["CVE-2022-0155"],"access":"public","patched_versions":">=1.14.7","cvss":{"score":8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},"updated":"2022-01-11T18:41:09.000Z","recommendation":"Upgrade to version 1.14.7 or later","cwe":["CWE-359"],"found_by":null,"deleted":null,"id":1064664,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0155\n- follow-redirects/follow-redirects@8b347cbcef7c7b72a6e9be20f5710c17d6163c22\n- https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406\n- https://github.com/advisories/GHSA-74fj-2j2h-c42q","created":"2022-03-11T08:00:43.764Z","reported_by":null,"title":"Exposure of sensitive information in follow-redirects","npm_advisory_id":null,"overview":"follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-74fj-2j2h-c42q"}}
"auditAdvisory"
{"resolution":{"id":1065072,"path":"ant-design-style-sumamry>gulp>glob-watcher>chokidar>glob-parent","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"3.1.0","paths":["ant-design-style-sumamry>gulp>glob-watcher>chokidar>glob-parent"]}],"metadata":null,"vulnerable_versions":"<5.1.2","module_name":"glob-parent","severity":"high","github_advisory_id":"GHSA-ww39-953v-wcq6","cves":["CVE-2020-28469"],"access":"public","patched_versions":">=5.1.2","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-06-04T18:30:46.000Z","recommendation":"Upgrade to version 5.1.2 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1065072,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-28469\n- https://github.com/gulpjs/glob-parent/pull/36\n- https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9\n- https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092\n- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-ww39-953v-wcq6","created":"2022-03-11T08:00:43.824Z","reported_by":null,"title":"Regular expression denial of service","npm_advisory_id":null,"overview":"This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.","url":"https://github.com/advisories/GHSA-ww39-953v-wcq6"}}
"auditSummary"
{"vulnerabilities":{"info":0,"low":0,"moderate":3,"high":2,"critical":0},"dependencies":552,"devDependencies":0,"optionalDependencies":0,"totalDependencies":552}

Some title

There are some high priority issues with your packages. Please check them.

PR-$PR_NUMBER

"auditAdvisory"
{"resolution":{"id":1064664,"path":"axios>follow-redirects","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"1.14.4","paths":["axios>follow-redirects"]}],"metadata":null,"vulnerable_versions":"<1.14.7","module_name":"follow-redirects","severity":"high","github_advisory_id":"GHSA-74fj-2j2h-c42q","cves":["CVE-2022-0155"],"access":"public","patched_versions":">=1.14.7","cvss":{"score":8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},"updated":"2022-01-11T18:41:09.000Z","recommendation":"Upgrade to version 1.14.7 or later","cwe":["CWE-359"],"found_by":null,"deleted":null,"id":1064664,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2022-0155\n- follow-redirects/follow-redirects@8b347cbcef7c7b72a6e9be20f5710c17d6163c22\n- https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406\n- https://github.com/advisories/GHSA-74fj-2j2h-c42q","created":"2022-03-11T08:00:43.764Z","reported_by":null,"title":"Exposure of sensitive information in follow-redirects","npm_advisory_id":null,"overview":"follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor","url":"https://github.com/advisories/GHSA-74fj-2j2h-c42q"}}
"auditAdvisory"
{"resolution":{"id":1065072,"path":"ant-design-style-sumamry>gulp>glob-watcher>chokidar>glob-parent","dev":false,"optional":false,"bundled":false},"advisory":{"findings":[{"version":"3.1.0","paths":["ant-design-style-sumamry>gulp>glob-watcher>chokidar>glob-parent"]}],"metadata":null,"vulnerable_versions":"<5.1.2","module_name":"glob-parent","severity":"high","github_advisory_id":"GHSA-ww39-953v-wcq6","cves":["CVE-2020-28469"],"access":"public","patched_versions":">=5.1.2","cvss":{"score":7.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"updated":"2021-06-04T18:30:46.000Z","recommendation":"Upgrade to version 5.1.2 or later","cwe":["CWE-400"],"found_by":null,"deleted":null,"id":1065072,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-28469\n- https://github.com/gulpjs/glob-parent/pull/36\n- https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9\n- https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093\n- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092\n- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905\n- https://www.oracle.com/security-alerts/cpujan2022.html\n- https://github.com/advisories/GHSA-ww39-953v-wcq6","created":"2022-03-11T08:00:43.824Z","reported_by":null,"title":"Regular expression denial of service","npm_advisory_id":null,"overview":"This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.","url":"https://github.com/advisories/GHSA-ww39-953v-wcq6"}}
"auditSummary"
{"vulnerabilities":{"info":0,"low":0,"moderate":3,"high":2,"critical":0},"dependencies":552,"devDependencies":0,"optionalDependencies":0,"totalDependencies":552}

Dependency vulnerability

yarn audit v1.22.17
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Exposure of sensitive information in follow-redirects │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ follow-redirects │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.14.7 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ axios │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ axios > follow-redirects │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1064664
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high │ Regular expression denial of service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ glob-parent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=5.1.2 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ ant-design-style-sumamry │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ ant-design-style-sumamry > gulp > glob-watcher > chokidar > │
│ │ glob-parent │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1065072
└───────────────┴──────────────────────────────────────────────────────────────┘
5 vulnerabilities found - Packages audited: 552
Severity: 3 Moderate | 2 High
Done in 1.05s.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.