NPM Vulnerability Report - Tuesday, June 25th, 2024

NPM packages have been checked for vulnerabilities using npm audit.

⚠️ - 2 High severity vulnerabilities

Uncontrolled resource consumption in braces.

Severity: high
CVSS Score: 7.5 / 10
Vulnerable Range: <3.0.3
Weaknesses: CWE-1050

GitHub Advisory

Latest Available Version: 3.0.3

This dependency has a fix available, but braces is NOT a direct dependency in your package.json.
See affected dependencies below:

Expand to see direct dependencies affected by this vulnerability.

• Direct dependency @jest/globals does NOT have a fix available.

• Direct dependency @types/jest does NOT have a fix available.

• Direct dependency @typescript-eslint/eslint-plugin may have a fix available because one of its nested child dependencies fixes the vulnerability and there is a new version of @typescript-eslint/eslint-plugin available.
  Update from version 7.12.0 to 7.14.1.

• Direct dependency @typescript-eslint/parser may have a fix available because one of its nested child dependencies fixes the vulnerability and there is a new version of @typescript-eslint/parser available.
  Update from version 7.12.0 to 7.14.1.

• Direct dependency jest does NOT have a fix available.

• Direct dependency jest-environment-jsdom does NOT have a fix available.

ws affected by a DoS when handling a request with many HTTP headers.

Severity: high
CVSS Score: 7.5 / 10
Vulnerable Range: 8.0.0 - 8.17.0
Weaknesses: CWE-476

GitHub Advisory

Latest Available Version: 8.17.1

This dependency has a fix available, but ws is NOT a direct dependency in your package.json.
See affected dependencies below:

Expand to see direct dependencies affected by this vulnerability.

• Direct dependency jest-environment-jsdom does NOT have a fix available.