[GH-ISSUE #798] NPM Audit found vulnerabilities. #398

New issue

Closed

opened 2026-03-02 12:41:55 +03:00 by kerem · 1 comment

kerem commented 2026-03-02 12:41:55 +03:00

Owner

Copy link

Originally created by @github-actions[bot] on GitHub (Feb 27, 2022).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/798

# npm audit report

prismjs  1.14.0 - 1.26.0
Severity: high
Cross-site Scripting in Prism - https://github.com/advisories/GHSA-3949-f494-cm99
fix available via `npm audit fix`
node_modules/prismjs
node_modules/refractor/node_modules/prismjs
  refractor  2.4.0 - 3.5.0 || 4.0.0 - 4.4.0
  Depends on vulnerable versions of prismjs
  node_modules/refractor

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix

Originally created by @github-actions[bot] on GitHub (Feb 27, 2022). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/798 ``` # npm audit report prismjs 1.14.0 - 1.26.0 Severity: high Cross-site Scripting in Prism - https://github.com/advisories/GHSA-3949-f494-cm99 fix available via `npm audit fix` node_modules/prismjs node_modules/refractor/node_modules/prismjs refractor 2.4.0 - 3.5.0 || 4.0.0 - 4.4.0 Depends on vulnerable versions of prismjs node_modules/refractor 2 high severity vulnerabilities To address all issues, run: npm audit fix ```

kerem closed this issue 2026-03-02 12:41:55 +03:00

kerem commented 2026-03-02 12:41:56 +03:00

Author

Owner

Copy link

@KelvinTegelaar commented on GitHub (Feb 27, 2022):

Researched issue already, has no impact as we do not utilize the prism commandline. Will be updated at next release to remove false positive alert.

<!-- gh-comment-id:1053548022 --> @KelvinTegelaar commented on GitHub (Feb 27, 2022): Researched issue already, has no impact as we do not utilize the prism commandline. Will be updated at next release to remove false positive alert.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

docs

dev

dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42

dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2

dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0

dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2

dependabot/npm_and_yarn/dev/recharts-3.8.1

dependabot/github_actions/dev/actions/setup-node-6.4.0

copilot/add-alert-for-report-only-ca

release/beta

release/nightly

docs-maintenance

v10.4.0

v10.3.0

v10.2.0

v10.1.0

v10.0.0

v8.8.0

v8.7.0

v8.6.0

v8.5.0

v8.4.0

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.5.0

v7.4.0

v7.3.0

v7.2.0

v7.1.0

v7.0.1

v6.4.0

v6.3.0

v6.2.0

v6.1.0

v6.0.0

v5.9.0

v5.8.5

v5.8.0

v5.7.0

v5.6.0

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.9.0

v4.8.0

v4.7.0

v.4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.0

v4.1.0

v4.0.0

v3.8.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.0

v2.20.0

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.13.0

v2.12.0

v2.11.2

v2.1.11.0

v.2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.5

v2.5.0

v2.4.0

v.2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

2.0.0

v1.5.1

v1.5.0

v1.4.3

v1.4.2

v1.4.0

v1.3.0

v1.2.1

v1.2.0

1.1.0

release

Labels

Clear labels   

API

  

Feature

  

NotABug

  

NotABug

  

Planned

  

Sponsor Priority

  

Sponsor Priority

  

bug

  

documentation

  

duplicate

  

enhancement

  

needs more info

  

no-activity

  

no-priority

  

not-assigned

  

pull-request

Mirrored from GitHub Pull Request

  

react-conversion

  

react-conversion

  

roadmap

  

security

  

stale

  

unconfirmed-by-user

  

unconfirmed-by-user

  

wontfix

No labels

API

Feature

NotABug

NotABug

Planned

Sponsor Priority

Sponsor Priority

bug

documentation

duplicate

enhancement

needs more info

no-activity

no-priority

not-assigned

pull-request

react-conversion

react-conversion

roadmap

security

stale

unconfirmed-by-user

unconfirmed-by-user

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#398

No description provided.