Xata · 16mo ago
2 replies
Cawfehhh

High severity vulnerabilities when installing @xata.io/cli

Hi all, I encountered 4 high-severity vulnerabilities when I installed the CLI:
npm install @xata.io/cli

added 200 packages, changed 3 packages, and audited 1808 packages in 14s

267 packages are looking for funding
  run `npm fund` for details

4 high severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.


I ran npm audit fix, and then it got down to 3:
npm audit fix

changed 1 package, and audited 1808 packages in 5s

267 packages are looking for funding
  run `npm fund` for details

# npm audit report

lodash.pick  >=4.0.0
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install @xata.io/cli@0.12.7, which is a breaking change
node_modules/lodash.pick
  @xata.io/importer  >=1.0.0
  Depends on vulnerable versions of lodash.pick
  node_modules/@xata.io/importer
    @xata.io/cli  >=0.13.0
    Depends on vulnerable versions of @xata.io/importer
    node_modules/@xata.io/cli

3 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force


I forced a fix, and it went up to 17 (I can't paste the output for some reason).

Then I tried fixing and force-fixing again, and it goes on in a loop.

Should I be worried about the vulnerabilities?
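The audit output above shows a single root advisory (prototype pollution in lodash.pick) that is reached only through @xata.io/importer and then @xata.io/cli, and the only fix npm offers is a downgrade to @xata.io/cli@0.12.7 that npm itself flags as a breaking change. Before running `npm audit fix --force` it helps to read the machine-readable report and separate root advisories from packages that are merely downstream of them. The following Python script is an added example and is not Xata's or npm's own code; it parses the JSON that `npm audit --json` emits (auditReportVersion 2) and the embedded sample is a constructed report built from the three findings in the post, with the cvss, cwe and source fields omitted.

```python
import json
import sys

# Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
# built from the three findings shown in the post; cvss/cwe/source fields omitted.
SAMPLE_AUDIT_JSON = """
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "lodash.pick": {
      "name": "lodash.pick", "severity": "high", "isDirect": false,
      "via": [
        {
          "name": "lodash.pick", "dependency": "lodash.pick",
          "title": "Prototype Pollution in lodash",
          "url": "https://github.com/advisories/GHSA-p6mc-m468-83gw",
          "severity": "high", "range": ">=4.0.0"
        }
      ],
      "effects": ["@xata.io/importer"], "range": ">=4.0.0",
      "nodes": ["node_modules/lodash.pick"],
      "fixAvailable": {"name": "@xata.io/cli", "version": "0.12.7", "isSemVerMajor": true}
    },
    "@xata.io/importer": {
      "name": "@xata.io/importer", "severity": "high", "isDirect": false,
      "via": ["lodash.pick"], "effects": ["@xata.io/cli"], "range": ">=1.0.0",
      "nodes": ["node_modules/@xata.io/importer"],
      "fixAvailable": {"name": "@xata.io/cli", "version": "0.12.7", "isSemVerMajor": true}
    },
    "@xata.io/cli": {
      "name": "@xata.io/cli", "severity": "high", "isDirect": true,
      "via": ["@xata.io/importer"], "effects": [], "range": ">=0.13.0",
      "nodes": ["node_modules/@xata.io/cli"],
      "fixAvailable": {"name": "@xata.io/cli", "version": "0.12.7", "isSemVerMajor": true}
    }
  }
}
"""


def load_vulnerabilities(report_text):
    """Return the `vulnerabilities` map from an npm audit v2 JSON report."""
    return json.loads(report_text)["vulnerabilities"]


def root_advisories(vulns):
    """Advisories that originate in a package (a dict entry in `via`), as opposed
    to packages that are flagged only because they depend on a vulnerable one
    (a string entry in `via`)."""
    roots = []
    for name, entry in vulns.items():
        for via in entry["via"]:
            if isinstance(via, dict):
                roots.append({"package": name, "title": via["title"],
                              "url": via["url"], "severity": via["severity"],
                              "range": via["range"]})
    return roots


def paths_to_direct(vulns, package, _path=None):
    """Follow `effects` upward from a vulnerable package to every direct
    dependency that pulls it in; each result is one full chain."""
    path = (_path or []) + [package]
    parents = [p for p in vulns[package]["effects"] if p not in path]  # cycle guard
    if not parents:
        return [path]
    paths = []
    for parent in parents:
        paths.extend(paths_to_direct(vulns, parent, path))
    return paths


def describe_fix(entry):
    """Translate `fixAvailable` (true / false / object) into a triage label."""
    fix = entry["fixAvailable"]
    if fix is False:
        return "no fix available"
    if fix is True:
        return "fixable with `npm audit fix`"
    target = f"{fix['name']}@{fix['version']}"
    if fix.get("isSemVerMajor"):
        return f"breaking: only fix is {target} (requires --force)"
    return f"fixable via {target}"


def triage(report_text):
    """One record per root advisory: what it is, which direct dependencies
    expose it, and whether the fix is routine or a breaking change."""
    vulns = load_vulnerabilities(report_text)
    records = []
    for adv in root_advisories(vulns):
        chains = paths_to_direct(vulns, adv["package"])
        records.append({**adv,
                        "chains": chains,
                        "direct_dependents": sorted({c[-1] for c in chains}),
                        "fix": describe_fix(vulns[adv["package"]])})
    return records


if __name__ == "__main__":
    # Usage: npm audit --json | python triage.py   (falls back to the sample)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_AUDIT_JSON
    for rec in triage(text):
        print(f"[{rec['severity']}] {rec['package']} {rec['range']}: {rec['title']}")
        print(f"  {rec['url']}")
        for chain in rec["chains"]:
            print("  reached via: " + " <- ".join(reversed(chain)))
        print(f"  fix: {rec['fix']}")
```

Run against the sample, the script reports one root advisory reached along a single chain (`@xata.io/cli <- @xata.io/importer <- lodash.pick`) whose only fix is the breaking downgrade, which is why `npm audit fix` without `--force` cannot clear it. The same triage over a real `npm audit --json` capture tells you how many of the reported counts are independent advisories versus packages flagged only for depending on them, and whether the advisory's affected code path is one the CLI actually exercises.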