Comments (2)
mfix22
commented on May 29, 2024
Absolutely! 👍
from alchemy.
jrhorn424
commented on May 29, 2024
The following vulnerabilities remain after automatic fixes. I'll send the PR with automatic fixes shortly.
jeffh@hook:~/projects/alchemy on (jrh-update-vulnerable-packages)! in .
% npm audit
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ string │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ string │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ string │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/536 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Critical │ Command Injection │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ open │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ No patch available │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ release [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ release > open │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/663 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ release [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ release > git-spawned-stream > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 3 vulnerabilities (1 low, 1 high, 1 critical) in 30559 scanned packages
3 vulnerabilities require manual review. See the full report for details.
If you'd like me to look into these, I'm happy to.
from alchemy.
Related Issues (20)
- Can't merge file name with a space in it. HOT 1
- Set up Hazel Autoupdater HOT 1
- Doesn't support .webp HOT 4
- Only errors HOT 3
- save path not encoded HOT 8
- Alchemy Maintainer(s) wanted 🙏 HOT 3
- [macOS] Auto-close the pop up when a different menu-bar app if clicked HOT 1
- Stuck Converting HOT 16
- support non-standard image formats for PDF merge
- Convert fails with differing extensions HOT 3
- 0.5.1 release broken HOT 3
- Merging PDFs HOT 1
- Merging doesn't finish HOT 18
- File name on the bottom of the image? HOT 1
- "Download for Windows" button has incorrect link. HOT 5
- Adding support for converting from HEIC? HOT 10
- No way to stop it HOT 3
- Doesn't show any GUI on Windows 7 HOT 2
- window closes as soon as i switch focus off of it
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from alchemy.