Underscore #48
Description
Instalando openpay con node v24.11.1 recibo lo siguiente:
# npm audit report
form-data <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - https://github.com/advisories/GHSA-fjxv-7rqg-78g4
No fix available
node_modules/request/node_modules/form-data
request *
Depends on vulnerable versions of form-data
Depends on vulnerable versions of qs
Depends on vulnerable versions of tough-cookie
node_modules/request
openpay *
Depends on vulnerable versions of request
Depends on vulnerable versions of underscore
node_modules/openpay
lodash.set *
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix`
node_modules/lodash.set
@nestjs/config 0.0.9 - 1.1.5
Depends on vulnerable versions of lodash.set
node_modules/@nestjs/config
qs <6.14.1
Severity: high
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion - https://github.com/advisories/GHSA-6rw7-vpxm-498p
No fix available
node_modules/request/node_modules/qs
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie
underscore 1.3.2 - 1.12.0
Severity: critical
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
fix available via `npm audit fix`
node_modules/underscore
8 vulnerabilities (1 moderate, 3 high, 4 critical)
To address issues that do not require attention, run:
npm audit fix
Some issues need review, and may require choosing
a different dependency.
Existirá algún plan a corto plazo para corregir estos huecos de seguridad?