Vulneribilities detected in npm audit for version 1.0.8 #118
Description
Using node v16.13.0 following audit vulnerabilities comes out
lodash.pick >=4.0.0
Severity: high
Prototype Pollution in lodash - GHSA-p6mc-m468-83gw
fix available via npm audit fix
node_modules/lodash.pick
cheerio 0.22.0
Depends on vulnerable versions of lodash.pick
node_modules/cheerio
inline-css 2.2.4 - 4.0.0
Depends on vulnerable versions of cheerio
Depends on vulnerable versions of extract-css
node_modules/inline-css
list-stylesheets 1.1.1 - 1.2.10
Depends on vulnerable versions of cheerio
node_modules/list-stylesheets
extract-css 1.0.5 - 2.0.1
Depends on vulnerable versions of list-stylesheets
Depends on vulnerable versions of style-data
node_modules/extract-css
style-data 1.1.3 - 1.4.8
Depends on vulnerable versions of cheerio
node_modules/style-data
node-fetch <2.6.7
Severity: high
node-fetch forwards secure headers to untrusted sites - GHSA-r683-j2x4-v87g
fix available via npm audit fix --force
Will install html-pdf-node@1.0.7, which is a breaking change
node_modules/node-fetch
puppeteer 10.0.0 - 13.1.1
Depends on vulnerable versions of node-fetch
Depends on vulnerable versions of ws
node_modules/html-pdf-node/node_modules/puppeteer
html-pdf-node >=1.0.8
Depends on vulnerable versions of puppeteer
node_modules/html-pdf-node
ws 7.0.0 - 7.5.9
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - GHSA-3h5v-q93c-6h6q
fix available via npm audit fix --force
Will install html-pdf-node@1.0.7, which is a breaking change
node_modules/html-pdf-node/node_modules/ws
puppeteer 10.0.0 - 13.1.1
Depends on vulnerable versions of node-fetch
Depends on vulnerable versions of ws
node_modules/html-pdf-node/node_modules/puppeteer
html-pdf-node >=1.0.8
Depends on vulnerable versions of puppeteer
node_modules/html-pdf-node