Cawfehhh
Cawfehhh
PostsComments
XXata
Created by Cawfehhh on 10/1/2024 in #help
High severity vulnerabilities when installing @xata.io/cli
Hi all, encountered 4 high severity vulnerabilities when I installed the CLI: 
npm install @xata.io/cli

added 200 packages, changed 3 packages, and audited 1808 packages in 14s

267 packages are looking for funding
  run `npm fund` for details

4 high severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
npm install @xata.io/cli

added 200 packages, changed 3 packages, and audited 1808 packages in 14s

267 packages are looking for funding
  run `npm fund` for details

4 high severity vulnerabilities

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
Ran npm audit fix, then it got down to 3: 
npm audit fix

changed 1 package, and audited 1808 packages in 5s

267 packages are looking for funding
  run `npm fund` for details

# npm audit report

lodash.pick  >=4.0.0
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install @xata.io/[email protected], which is a breaking change
node_modules/lodash.pick
  @xata.io/importer  >=1.0.0
  Depends on vulnerable versions of lodash.pick
  node_modules/@xata.io/importer
    @xata.io/cli  >=0.13.0
    Depends on vulnerable versions of @xata.io/importer
    node_modules/@xata.io/cli

3 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
npm audit fix

changed 1 package, and audited 1808 packages in 5s

267 packages are looking for funding
  run `npm fund` for details

# npm audit report

lodash.pick  >=4.0.0
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install @xata.io/[email protected], which is a breaking change
node_modules/lodash.pick
  @xata.io/importer  >=1.0.0
  Depends on vulnerable versions of lodash.pick
  node_modules/@xata.io/importer
    @xata.io/cli  >=0.13.0
    Depends on vulnerable versions of @xata.io/importer
    node_modules/@xata.io/cli

3 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
Forced a fix, and it got up to 17 (can't paste the output for some reason). And then tried fixing and force fixing and it goes on in a loop. Should I be worried about the vulnerabilities?
3 replies