Security: Update version of request and debug #171

Open
@acuntex

Description

npm audit currently shows a lot of possible vulnerabilities for fb. These errors might not be a big problem, but the more warnings you get, the higher the chance that you might miss a real threat when it happens.

Any chance these dependencies could be updated?

  Moderate        Prototype pollution
  Package         hoek
  Dependency of   fb
  Path            fb > request > hawk > sntp > hoek
  More info       https://nodesecurity.io/advisories/566

  Moderate        Prototype pollution
  Package         hoek
  Dependency of   fb
  Path            fb > request > hawk > boom > hoek
  More info       https://nodesecurity.io/advisories/566

  High            Regular Expression Denial of Service
  Package         sshpk
  Dependency of   fb
  Path            fb > request > http-signature > sshpk
  More info       https://nodesecurity.io/advisories/606

  Moderate        Prototype pollution
  Package         hoek
  Dependency of   fb
  Path            fb > request > hawk > cryptiles > boom > hoek
  More info       https://nodesecurity.io/advisories/566

  Moderate        Out-of-bounds Read
  Package         stringstream
  Dependency of   fb
  Path            fb > request > stringstream
  More info       https://nodesecurity.io/advisories/664

  Moderate        Prototype pollution
  Package         hoek
  Dependency of   fb
  Path            fb > request > hawk > hoek
  More info       https://nodesecurity.io/advisories/566

  High            Regular Expression Denial of Service
  Package         tough-cookie
  Dependency of   fb
  Path            fb > request > tough-cookie
  More info       https://nodesecurity.io/advisories/525

# Run  npm update debug --depth 8  to resolve 8 vulnerabilities

  Low             Regular Expression Denial of Service
  Package         debug
  Dependency of   fb
  Path            fb > debug
  More info       https://nodesecurity.io/advisories/534
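Several of the findings above are the same advisory reached through different paths. As an added example (not part of the original issue or of the fb project's code), this Node.js script groups the quoted findings by advisory and by the direct dependency of fb that pulls them in; the `summarise` function and the trimmed report layout are assumptions made for the example.

```javascript
// Constructed sample: severity, Path and More info rows of the eight findings quoted in the issue.
const REPORT = `
Moderate        Prototype pollution
Path            fb > request > hawk > sntp > hoek
More info       https://nodesecurity.io/advisories/566
Moderate        Prototype pollution
Path            fb > request > hawk > boom > hoek
More info       https://nodesecurity.io/advisories/566
High            Regular Expression Denial of Service
Path            fb > request > http-signature > sshpk
More info       https://nodesecurity.io/advisories/606
Moderate        Prototype pollution
Path            fb > request > hawk > cryptiles > boom > hoek
More info       https://nodesecurity.io/advisories/566
Moderate        Out-of-bounds Read
Path            fb > request > stringstream
More info       https://nodesecurity.io/advisories/664
Moderate        Prototype pollution
Path            fb > request > hawk > hoek
More info       https://nodesecurity.io/advisories/566
High            Regular Expression Denial of Service
Path            fb > request > tough-cookie
More info       https://nodesecurity.io/advisories/525
Low             Regular Expression Denial of Service
Path            fb > debug
More info       https://nodesecurity.io/advisories/534
`;
// Parse the text report into findings, then count distinct advisories and
// how many findings each direct dependency of the root package brings in.
function summarise(text) {
  const findings = [];
  let cur = null;
  for (const line of text.split('\n').map((l) => l.trim())) {
    let m;
    if ((m = /^(Low|Moderate|High|Critical)\s{2,}(.+)$/.exec(line))) {
      cur = { severity: m[1], title: m[2] };
    } else if (cur && (m = /^Path\s{2,}(.+)$/.exec(line))) {
      cur.path = m[1].split(/\s*>\s*/);
    } else if (cur && cur.path && (m = /^More info\s{2,}\S*\/(\d+)$/.exec(line))) {
      findings.push({ ...cur, advisory: m[1] });
      cur = null;
    }
  }
  const advisories = new Set(findings.map((f) => f.advisory));
  const byDirectDep = {};
  for (const f of findings) byDirectDep[f.path[1]] = (byDirectDep[f.path[1]] || 0) + 1;
  return { findings: findings.length, advisories: advisories.size, byDirectDep };
}
console.log(summarise(REPORT));
```

On this report it returns 8 findings across 5 advisories, 7 of them reached through `request` and 1 through `debug`.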
