Created by Cawfehhh on 10/1/2024 in #help
High severity vulnerabilities when installing @xata.io/cli
Hi all, encountered 4 high severity vulnerabilities when I installed the CLI:
npm install @xata.io/cli

added 200 packages, changed 3 packages, and audited 1808 packages in 14s

267 packages are looking for funding
run `npm fund` for details

4 high severity vulnerabilities

To address all issues, run:
npm audit fix

Run `npm audit` for details.
Ran npm audit fix, then it got down to 3:
npm audit fix

changed 1 package, and audited 1808 packages in 5s

267 packages are looking for funding
run `npm fund` for details

# npm audit report

lodash.pick >=4.0.0
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
fix available via `npm audit fix --force`
Will install @xata.io/[email protected], which is a breaking change
node_modules/lodash.pick
@xata.io/importer >=1.0.0
Depends on vulnerable versions of lodash.pick
node_modules/@xata.io/importer
@xata.io/cli >=0.13.0
Depends on vulnerable versions of @xata.io/importer
node_modules/@xata.io/cli

3 high severity vulnerabilities

To address all issues (including breaking changes), run:
npm audit fix --force
Forced a fix, and it got up to 17 (can't paste the output for some reason). Then I tried fixing and force-fixing again, and it goes on in a loop. Should I be worried about the vulnerabilities?
3 replies
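As an added example (not from the original post and not Xata's code), this walks an `npm audit --json` report, constructed here to mirror the chain shown in the post, to pull out the root advisory, the path by which it reaches the directly installed package, and whether the only fix npm knows about is a major-version bump, which is why plain `npm audit fix` leaves it in place and only `--force` changes anything. The object follows the shape of npm's auditReportVersion 2 output as assumed here; the version string is a placeholder.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// filled in from the advisory chain in the post; the fix version is a placeholder.
const auditReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "lodash.pick": {
      name: "lodash.pick", severity: "high", isDirect: false,
      via: [{ name: "lodash.pick", title: "Prototype Pollution in lodash",
              url: "https://github.com/advisories/GHSA-p6mc-m468-83gw",
              severity: "high", range: ">=4.0.0" }],
      effects: ["@xata.io/importer"], range: ">=4.0.0",
      nodes: ["node_modules/lodash.pick"],
      fixAvailable: { name: "@xata.io/cli", version: "<placeholder>", isSemVerMajor: true },
    },
    "@xata.io/importer": {
      name: "@xata.io/importer", severity: "high", isDirect: false,
      via: ["lodash.pick"], effects: ["@xata.io/cli"], range: ">=1.0.0",
      nodes: ["node_modules/@xata.io/importer"],
      fixAvailable: { name: "@xata.io/cli", version: "<placeholder>", isSemVerMajor: true },
    },
    "@xata.io/cli": {
      name: "@xata.io/cli", severity: "high", isDirect: true,
      via: ["@xata.io/importer"], effects: [], range: ">=0.13.0",
      nodes: ["node_modules/@xata.io/cli"],
      fixAvailable: { name: "@xata.io/cli", version: "<placeholder>", isSemVerMajor: true },
    },
  },
};

// Root advisories are entries whose `via` holds advisory objects, not just package names.
function rootAdvisories(report) {
  return Object.values(report.vulnerabilities)
    .filter((v) => v.via.some((x) => typeof x === "object"));
}

// Follow `effects` upward from the vulnerable package to the packages you installed directly.
function dependencyPaths(report, name, path = [name]) {
  const entry = report.vulnerabilities[name];
  if (!entry || entry.effects.length === 0) return [path];
  return entry.effects.flatMap((parent) => dependencyPaths(report, parent, [...path, parent]));
}

// Summarise each root advisory: whether it is a direct dependency, how it reaches your
// direct dependencies, and whether the only available fix is a breaking major bump.
function triage(report) {
  return rootAdvisories(report).map((v) => ({
    package: v.name, severity: v.severity, isDirect: v.isDirect,
    advisory: v.via.find((x) => typeof x === "object").url,
    paths: dependencyPaths(report, v.name).map((p) => p.join(" -> ")),
    fixIsBreaking: Boolean(v.fixAvailable && v.fixAvailable.isSemVerMajor),
  }));
}
```

To use it on a real install, run `npm audit --json > audit.json` and pass the parsed file to `triage` in place of the constructed object.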