Recently I found an application using this with vulnerabilities on install... upon review I realized it was `google`. After looking into the `package.json` and understanding the depth of changes, I realized anything using `cheerio` pre version `0.22.0` probably would be difficult to refactor.
I agree with #63. This library is unmaintained. I am just going to refactor around an API with a key in that application to get the audit to be clean and use best practices.
```
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.11 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ google │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ google > cheerio > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/782 │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=4.17.5 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ google │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ google > cheerio > lodash │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/577 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 2 vulnerabilities (1 low, 1 moderate)
```
Links to vulnerabilities: