$ npm audit fix
up to date, audited 846 packages in 5s
122 packages are looking for funding
run `npm fund` for details
# npm audit report
axios <=0.27.2
Severity: high
Axios vulnerable to Server-Side Request Forgery - https://github.com/advisories/GHSA-4w2v-q235-vp99
axios Inefficient Regular Expression Complexity vulnerability - https://github.com/advisories/GHSA-cph5-m8f7-6c5x
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
Depends on vulnerable versions of follow-redirects
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/axios
gitalk *
Depends on vulnerable versions of axios
node_modules/gitalk
hexo-butterfly-extjs >=1.1.0
Depends on vulnerable versions of gitalk
Depends on vulnerable versions of valine
node_modules/hexo-butterfly-extjs
follow-redirects <=1.15.5
Severity: high
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects - https://github.com/advisories/GHSA-pw2r-vq6v-hr8c
Exposure of sensitive information in follow-redirects - https://github.com/advisories/GHSA-74fj-2j2h-c42q
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/follow-redirects
insane *
Severity: moderate
insane vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-w455-mfq9-hf74
fix available via `npm audit fix`
node_modules/insane
valine >=1.4.15
Depends on vulnerable versions of insane
node_modules/valine
node-fetch <2.6.7
Severity: high
node-fetch forwards secure headers to untrusted sites - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/node-fetch
isomorphic-fetch 2.0.0 - 2.2.1
Depends on vulnerable versions of node-fetch
node_modules/isomorphic-fetch
fbjs 0.7.0 - 1.0.0
Depends on vulnerable versions of isomorphic-fetch
node_modules/fbjs
react 0.15.0-alpha.1 - 16.4.2
Depends on vulnerable versions of fbjs
node_modules/react
react-dom 0.15.0-alpha.1 - 16.4.2
Depends on vulnerable versions of fbjs
Depends on vulnerable versions of react
node_modules/react-dom
11 vulnerabilities (4 moderate, 7 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
butterfly version 5.2.2
hexo -v
hexo: 7.3.0
hexo-cli: 4.3.2
os: win32 10.0.26100 undefined
node: 20.18.0
acorn: 8.12.1
ada: 2.9.0
ares: 1.33.1
base64: 0.5.2
brotli: 1.1.0
cjs_module_lexer: 1.4.1
cldr: 45.0
icu: 75.1
llhttp: 8.1.2
modules: 115
napi: 9
nghttp2: 1.61.0
nghttp3: 0.7.0
ngtcp2: 1.1.0
openssl: 3.0.13+quic
simdutf: 5.5.0
tz: 2024a
undici: 6.19.8
unicode: 15.1
uv: 1.46.0
uvwasi: 0.0.21
v8: 11.3.244.8-node.23
zlib: 1.3.0.1-motley-71660e1