Description
Depends on vulnerable versions of mpath
Depends on vulnerable versions of mquery
fix available via npm audit fix --force
Will install mongoose@5.13.22, which is outside the stated dependency range
node_modules/mongoose
mpath <0.8.4
Severity: moderate
Type confusion in mpath - GHSA-p92x-r36w-9395
fix available via npm audit fix --force
Will install mongoose@5.13.22, which is outside the stated dependency range
node_modules/mpath
mquery <3.2.3
Severity: moderate
Code Injection in mquery - GHSA-45q2-34rf-mr94
fix available via npm audit fix --force
Will install mongoose@5.13.22, which is outside the stated dependency range
node_modules/mquery
pug <=3.0.2
Severity: high
Remote code execution via the pretty option. - GHSA-p493-635q-r6gr
Pug allows JavaScript code execution if an application accepts untrusted input - GHSA-3965-hpx2-q597
Depends on vulnerable versions of pug-code-gen
fix available via npm audit fix --force
Will install pug@3.0.3, which is a breaking change
node_modules/pug
pug-code-gen <=2.0.3
Severity: high
Pug allows JavaScript code execution if an application accepts untrusted input - GHSA-3965-hpx2-q597
fix available via npm audit fix --force
Will install pug@3.0.3, which is a breaking change
node_modules/pug-code-gen
request *
Severity: moderate
Server-Side Request Forgery in Request - GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request
@uphold/request-logger <=2.0.0
Depends on vulnerable versions of request
node_modules/@uphold/request-logger
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie
15 vulnerabilities (1 low, 8 moderate, 5 high, 1 critical)
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
root@ubuntu:~/explorer#