Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
When running npm audit, @ory/cli is reported as having vulnerabilities
Reproducing the bug
npm init
npm install --save-dev @ory/cli
npm audit
npm audit report
form-data <2.5.4
Severity: critical
form-data uses unsafe random function in form-data for choosing boundary - GHSA-fjxv-7rqg-78g4
No fix available
node_modules/form-data
request *
Depends on vulnerable versions of form-data
Depends on vulnerable versions of tough-cookie
node_modules/request
binwrap *
Depends on vulnerable versions of request
node_modules/binwrap
@ory/cli *
Depends on vulnerable versions of binwrap
node_modules/@ory/cli
tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie
5 vulnerabilities (3 moderate, 2 critical)
Some issues need review, and may require choosing
a different dependency.
Relevant log output
Relevant configuration
Version
1.1.0
On which operating system are you observing this issue?
Windows
In which environment are you deploying?
Other
Additional Context
Ory support asked me to open this issue
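For triaging a report like the one in this issue, the following added example (not part of the issue and not Ory code) walks `npm audit --json` output from each direct dependency down to the advisories behind it. The sample input is constructed from the package names and advisory IDs above and assumes the npm 7+ JSON layout (`vulnerabilities`, `via`, `isDirect`); the function name `traceAdvisories` is hypothetical.

```javascript
// Constructed sample shaped like `npm audit --json` (npm 7+), trimmed to the
// fields used below. Package names and GHSA IDs are taken from the report above.
const sampleAudit = {
  vulnerabilities: {
    "form-data": { isDirect: false, via: [
      { url: "https://github.com/advisories/GHSA-fjxv-7rqg-78g4", severity: "critical" } ] },
    "tough-cookie": { isDirect: false, via: [
      { url: "https://github.com/advisories/GHSA-72xf-g2v4-qvf3", severity: "moderate" } ] },
    "request": { isDirect: false, via: ["form-data", "tough-cookie"] },
    "binwrap": { isDirect: false, via: ["request"] },
    "@ory/cli": { isDirect: true, via: ["binwrap"] },
  },
};

// In npm's JSON, a `via` entry is either a package name (string: the problem is
// inherited from that package) or an advisory object (the package itself is affected).
// Starting from each direct dependency, follow the strings until advisories are reached.
function traceAdvisories(audit) {
  const vulns = audit.vulnerabilities || {};
  const findings = [];
  const walk = (name, path) => {
    const entry = vulns[name];
    if (!entry || path.includes(name)) return; // unknown package or dependency cycle
    const here = [...path, name];
    for (const via of entry.via || []) {
      if (typeof via === "string") {
        walk(via, here);
      } else {
        findings.push({
          advisory: String(via.url || "").split("/").pop(),
          severity: via.severity,
          path: here, // direct dependency first, affected package last
        });
      }
    }
  };
  for (const [name, entry] of Object.entries(vulns)) {
    if (entry.isDirect) walk(name, []);
  }
  return findings;
}

// One line per advisory: which package you installed, and the chain that pulls it in.
for (const f of traceAdvisories(sampleAudit)) {
  console.log(`${f.severity.padEnd(8)} ${f.advisory}  ${f.path.join(" > ")}`);
}
```

Against a real project, feed it the parsed output of `npm audit --json`; every chain that starts at the same direct dependency is resolved by upgrading or replacing that one package.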