High level security vulnerabilities in version 19.14.16 of HOF relating to underscore library

On latest build using Node v14.18.1 the follwing 5 security vulnerabilities are reported:

underscore  1.3.2 - 1.12.0
Severity: high
Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
fix available via `npm audit fix --force`
Will install hof@18.3.0, which is a breaking change
node_modules/httpntlm/node_modules/underscore
  httpntlm  1.5.0 - 1.7.6
  Depends on vulnerable versions of underscore
  node_modules/httpntlm
    smtp-connection  2.4.0-beta.0 - 3.2.0
    Depends on vulnerable versions of httpntlm
    node_modules/smtp-connection
      nodemailer-smtp-transport  2.0.0-beta.0 - 2.0.0-beta.1 || >=2.5.0
      Depends on vulnerable versions of smtp-connection
      node_modules/nodemailer-smtp-transport
        hof  >=19.0.0-beta-v1
        Depends on vulnerable versions of nodemailer-smtp-transport
        node_modules/hof

5 high severity vulnerabilities



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

High level security vulnerabilities in version 19.14.16 of HOF relating to underscore library #349

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

High level security vulnerabilities in version 19.14.16 of HOF relating to underscore library #349

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions