Installation reports vulnerabilities #426

Open
MikeMcC399 opened this issue Mar 27, 2024 · 1 comment

Contributor

MikeMcC399 commented Mar 27, 2024

Versions

  • What is this plugin's version: 2.2.1
  • What is the Node version: v20.12.1
  • What is the NPM version: 10.5.0

Describe the bug

Installing netlify-plugin-cypress@latest (v2.2.1) reports several vulnerabilities:

6 vulnerabilities (1 low, 1 moderate, 4 high)

These are not fixable by running npm audit fix.

Steps to reproduce

Execute:

mkdir netlify-plugin-test
cd netlify-plugin-test
npm init -y
npm install netlify-plugin-cypress@latest

Note the vulnerability report:

6 vulnerabilities (1 low, 1 moderate, 4 high)

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.

Now execute

npm audit fix

which results in the following log:

$ npm audit
# npm audit report

@koa/cors  <5.0.0
Severity: high
Overly permissive origin policy - https://github.com/advisories/GHSA-qxrj-hx23-xp82
No fix available
node_modules/@koa/cors
  lws-cors  1.0.0 - 4.2.0
  Depends on vulnerable versions of @koa/cors
  node_modules/lws-cors
    local-web-server  2.3.0 - 5.1.1
    Depends on vulnerable versions of lws-cors
    node_modules/local-web-server
      netlify-plugin-cypress  *
      Depends on vulnerable versions of debug
      Depends on vulnerable versions of got
      Depends on vulnerable versions of local-web-server
      node_modules/netlify-plugin-cypress

debug  4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
No fix available
node_modules/debug

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
No fix available
node_modules/got

6 vulnerabilities (1 low, 1 moderate, 4 high)

Some issues need review, and may require choosing
a different dependency.

Expected

When

npm install netlify-plugin-cypress@latest

is executed, no vulnerabilities should be displayed.

Related issues

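The following is an added example, not part of the original issue or the plugin's code: it parses the `npm audit` text quoted in the issue and maps each flagged package back to the advisories it inherits through its "Depends on vulnerable versions of" lines, which shows how three advisories become six flagged packages. The `triage` function and its field names are assumptions of this example; a package whose entry has no `Severity:` line in the log is reported as `unknown`.

```javascript
// REPORT is copied from the log in the issue; node_modules path lines and blank lines are omitted.
const REPORT = `@koa/cors  <5.0.0
Severity: high
Overly permissive origin policy - https://github.com/advisories/GHSA-qxrj-hx23-xp82
No fix available
  lws-cors  1.0.0 - 4.2.0
  Depends on vulnerable versions of @koa/cors
    local-web-server  2.3.0 - 5.1.1
    Depends on vulnerable versions of lws-cors
      netlify-plugin-cypress  *
      Depends on vulnerable versions of debug
      Depends on vulnerable versions of got
      Depends on vulnerable versions of local-web-server
debug  4.0.0 - 4.3.0
Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c
No fix available
got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
No fix available`;
const RANK = { unknown: 0, low: 1, moderate: 2, high: 3, critical: 4 };

function triage(report) {
  const pkgs = new Map();
  let cur = null, m;
  for (const line of report.split("\n").map((l) => l.trim())) {
    if ((m = /^(\S+)  (\S.*)$/.exec(line))) { // "<name>  <range>" starts a package entry
      pkgs.set(m[1], (cur = { name: m[1], range: m[2], severity: "unknown", advisories: [], dependsOn: [] }));
    } else if (!cur) continue;
    else if ((m = /^Severity: (\w+)$/.exec(line))) cur.severity = m[1];
    else if ((m = /(https:\/\/github\.com\/advisories\/GHSA-[\w-]+)$/.exec(line))) cur.advisories.push(m[1]);
    else if ((m = /^Depends on vulnerable versions of (\S+)$/.exec(line))) cur.dependsOn.push(m[1]);
  }
  // Walk "Depends on" edges down to the packages that carry an advisory of their own.
  const rootsOf = (name, seen = new Set()) => {
    const p = pkgs.get(name);
    if (!p || seen.has(name)) return [];
    seen.add(name);
    return p.advisories.length ? [name] : p.dependsOn.flatMap((d) => rootsOf(d, seen));
  };
  return [...pkgs.values()].map((p) => {
    const roots = rootsOf(p.name).sort();
    // A package flagged only through its dependencies inherits the worst root severity.
    const severity = roots.map((r) => pkgs.get(r).severity).reduce((a, b) => (RANK[b] > RANK[a] ? b : a), "unknown");
    return { name: p.name, own: p.advisories.length > 0, roots, severity };
  });
}

console.table(triage(REPORT));
```

Only the rows with `own: true` need an upstream fix or replacement; the other rows clear once the packages listed in their `roots` are resolved.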