Hallo,
ich habe mich zur Installation für die Version 14 entschieden und erhalte folgendes Resultat bei dem Audit:
Gruß,
Afox
Hallo,
ich habe mich zur Installation für die Version 14 entschieden und erhalte folgendes Resultat bei dem Audit:
=== npm audit security report ===
# Run npm update socket.io --depth 1 to resolve 8 vulnerabilities
------------------------------
Low - Regular Expression Denial of Service
Package: debug
Dependency of: socket.io
Path: socket.io > debug
More info: https://npmjs.com/advisories/534
------------------------------
Low - Regular Expression Denial of Service
Package: debug
Dependency of: socket.io
Path: socket.io > engine.io > debug
More info: https://npmjs.com/advisories/534
------------------------------
Low - Regular Expression Denial of Service
Package: debug
Dependency of: socket.io
Path: socket.io > socket.io-adapter > debug
More info: https://npmjs.com/advisories/534
------------------------------
Low - Regular Expression Denial of Service
Package: debug
Dependency of: socket.io
Path: socket.io > socket.io-adapter > socket.io-parser > debug
More info: https://npmjs.com/advisories/534
------------------------------
Low - Regular Expression Denial of Service
Package: debug
Dependency of: socket.io
Path: socket.io > socket.io-client > socket.io-parser > debug
More info: https://npmjs.com/advisories/534
------------------------------
Low - Regular Expression Denial of Service
Package: debug
Dependency of: socket.io
Path: socket.io > socket.io-parser > debug
More info: https://npmjs.com/advisories/534
------------------------------
Low - Regular Expression Denial of Service
Package: debug
Dependency of: socket.io
Path: socket.io > socket.io-client > debug
More info: https://npmjs.com/advisories/534
------------------------------
Low - Regular Expression Denial of Service
Package: debug
Dependency of: socket.io
Path: socket.io > socket.io-client > engine.io-client > debug
More info: https://npmjs.com/advisories/534
------------------------------
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
------------------------------
High - Regular Expression Denial of Service
Package: parsejson
Patched in: No patch available
Dependency of: socket.io
Path: socket.io > socket.io-client > engine.io-client > parsejson
More info: https://npmjs.com/advisories/528
------------------------------
found 9 vulnerabilities (8 low, 1 high) in 114 scanned packages
run `npm audit fix` to fix 8 of them.
1 vulnerability requires manual review. See the full report for details.
Gruß,
Afox
Hallo,
die Problematik in „debug“ kann ignoriert werden. Die Problematik in „parsejson“ kann ich nicht beurteilen, habe aber keinen Einfluss darauf, die Abhängigkeit ist nicht durch mich gesetzt. Ich glaube die betrifft den Server aber gar nicht, sondern nur den Browserclient.