Following the instructions here - Build custom React components
Reports 5 moderate severity vulnerabilities - See npm audit report below.
❯ git clone https://github.com/tryretool/custom-component-collection-template new-custom-component
Cloning into 'new-custom-component'...
remote: Enumerating objects: 71, done.
remote: Counting objects: 100% (27/27), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 71 (delta 16), reused 12 (delta 12), pack-reused 44 (from 1)
Receiving objects: 100% (71/71), 358.94 KiB | 2.80 MiB/s, done.
Resolving deltas: 100% (26/26), done.
❯ cd new-custom-component
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
added 376 packages, and audited 377 packages in 3s
128 packages are looking for funding
run npm fund for details
5 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run npm audit for details.
up to date, audited 377 packages in 758ms
128 packages are looking for funding
run npm fund for details
npm audit report
esbuild <=0.24.2
Severity: moderate
esbuild enables any website to send any requests to the development server and read the response - GHSA-67mh-4wv8-2f99
fix available via npm audit fix --force
Will install @tryretool/custom-component-support@0.0.7, which is a breaking change
node_modules/esbuild
@tryretool/custom-component-support *
Depends on vulnerable versions of esbuild
Depends on vulnerable versions of esbuild-sass-plugin
Depends on vulnerable versions of postcss
Depends on vulnerable versions of undici
node_modules/@tryretool/custom-component-support
esbuild-sass-plugin <=3.2.0
Depends on vulnerable versions of esbuild
node_modules/esbuild-sass-plugin
postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - GHSA-7fh5-64p2-3v2j
fix available via npm audit fix --force
Will install @tryretool/custom-component-support@0.0.7, which is a breaking change
node_modules/@tryretool/custom-component-support/node_modules/postcss
undici 6.0.0 - 6.21.0
Severity: moderate
Undici vulnerable to data leak when using response.arrayBuffer() - GHSA-3g92-w8c5-73pq
Use of Insufficiently Random Values in undici - GHSA-c76h-2ccp-4975
fix available via npm audit fix --force
Will install @tryretool/custom-component-support@0.0.7, which is a breaking change
node_modules/undici
5 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force