Hey @leolabs,
There are currently 7 issues (4 low, 2 moderate, 1 critical) in some NPM packages used by JSON Autotranslate. Addressing these issues is essential to patch security vulnerabilities, prevent technical debt and ensure the long-term health of the project.
```
# npm audit report
@babel/helpers <7.26.10
Severity: moderate
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
fix available via `npm audit fix`
node_modules/@babel/helpers
brace-expansion 1.0.0 - 1.1.11 || 2.0.0 - 2.0.1
brace-expansion Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
brace-expansion Regular Expression Denial of Service vulnerability - https://github.com/advisories/GHSA-v6h2-p8h4-qcjw
fix available via `npm audit fix`
node_modules/@jest/reporters/node_modules/brace-expansion
node_modules/brace-expansion
node_modules/jest-config/node_modules/brace-expansion
node_modules/jest-runtime/node_modules/brace-expansion
node_modules/test-exclude/node_modules/brace-expansion
node_modules/tslint/node_modules/brace-expansion
form-data >=3.0.0 <3.0.4 || <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
fix available via `npm audit fix`
node_modules/@types/request/node_modules/form-data
node_modules/form-data
micromatch <4.0.8
Severity: moderate
Regular Expression Denial of Service (ReDoS) in micromatch - https://github.com/advisories/GHSA-952p-6rrq-rcjv
fix available via `npm audit fix`
node_modules/micromatch
tmp <=0.2.3
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter - https://github.com/advisories/GHSA-52f5-9888-hmc6
fix available via `npm audit fix --force`
Will install inquirer@12.9.4, which is a breaking change
node_modules/tmp
external-editor >=1.1.1
Depends on vulnerable versions of tmp
node_modules/external-editor
inquirer 3.0.0 - 8.2.6 || 9.0.0 - 9.3.7
Depends on vulnerable versions of external-editor
node_modules/inquirer
7 vulnerabilities (4 low, 2 moderate, 1 critical)
To address issues that do not require attention, run:
  npm audit fix
```
If there's an update planned in the short term, it would be great to add this task to that PR.
In case no changes are planned in the next weeks, I'll create a PR with these fixes.