Open
Verify latest release
- I verified that the issue exists in the latest html-reporter release
Html-reporter version
10.19.0
Last html-reporter version that worked
No response
Link to the code that reproduces this issue or a replay of the bug
No response
Reproduction steps
npm init -y
npm install html-reporter@latest
npm audit
Actual Behavior
# npm audit report
axios 1.0.0 - 1.8.1
Severity: high
Server-Side Request Forgery in axios - https://github.com/advisories/GHSA-8hc4-vh64-cxmj
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
fix available via `npm audit fix --force`
Will install html-reporter@9.16.0, which is a breaking change
node_modules/axios
html-reporter >=4.10.0
Depends on vulnerable versions of axios
Depends on vulnerable versions of tmp
node_modules/html-reporter
tmp <=0.2.3
tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter - https://github.com/advisories/GHSA-52f5-9888-hmc6
fix available via `npm audit fix --force`
Will install html-reporter@9.16.0, which is a breaking change
node_modules/tmp
3 vulnerabilities (1 low, 2 high)
To address all issues (including breaking changes), run:
npm audit fix --force
Expected Behavior
found 0 vulnerabilities
Which Node.js version are you using?
20.18.1
Status
Backlog