
High vulnerability found after installing FOSJsRoutingBundle  #485

@M-Arthur

Description

I followed the official docs below to install the FOSJsRoutingBundle with Symfony Webpack Encore.
https://github.com/FriendsOfSymfony/FOSJsRoutingBundle/blob/master/Resources/doc/installation.rst#step-5-if-you-are-using-webpack-install-the-npm-package-locally

However, I received the following vulnerability warning from npm audit and Docker scanning.

Could you please help me have a look and let me know how to resolve the issue? Thanks.

NPM Audit Report

# npm audit report
braces  <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/braces
  chokidar  1.3.0 - 2.1.8
  Depends on vulnerable versions of anymatch
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of readdirp
  node_modules/chokidar
    glob-watcher  5.0.0 - 5.0.5
    Depends on vulnerable versions of anymatch
    Depends on vulnerable versions of chokidar
    node_modules/glob-watcher
      gulp  4.0.0 - 4.0.2
      Depends on vulnerable versions of glob-watcher
      Depends on vulnerable versions of gulp-cli
      node_modules/gulp
  micromatch  0.2.0 - 3.1.10
  Depends on vulnerable versions of braces
  node_modules/micromatch
    anymatch  1.2.0 - 2.0.0
    Depends on vulnerable versions of micromatch
    node_modules/anymatch
    findup-sync  0.4.0 - 3.0.0
    Depends on vulnerable versions of micromatch
    node_modules/findup-sync
    node_modules/matchdep/node_modules/findup-sync
      liftoff  2.2.3 - 3.1.0
      Depends on vulnerable versions of findup-sync
      node_modules/liftoff
        gulp-cli  1.3.0 - 2.3.0
        Depends on vulnerable versions of liftoff
        Depends on vulnerable versions of matchdep
        node_modules/gulp-cli
      matchdep  >=1.0.1
      Depends on vulnerable versions of findup-sync
      Depends on vulnerable versions of micromatch
      node_modules/matchdep
    readdirp  2.2.0 - 2.2.1
    Depends on vulnerable versions of micromatch
    node_modules/readdirp

11 high severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

NPM Why

[email protected] dev
node_modules/braces
  braces@"^2.3.2" from [email protected]
  node_modules/chokidar
    chokidar@"^2.0.0" from [email protected]
    node_modules/glob-watcher
      glob-watcher@"^5.0.3" from [email protected]
      node_modules/gulp
        dev gulp@"^4.0.2" from [email protected]
        vendor/friendsofsymfony/jsrouting-bundle/Resources
          [email protected]
          node_modules/fos-router
            dev fos-router@"file:vendor/friendsofsymfony/jsrouting-bundle/Resources" from the root project
  braces@"^2.3.1" from [email protected]
  node_modules/micromatch
    micromatch@"^3.1.4" from [email protected]
    node_modules/anymatch
      anymatch@"^2.0.0" from [email protected]
      node_modules/chokidar
        chokidar@"^2.0.0" from [email protected]
        node_modules/glob-watcher
          glob-watcher@"^5.0.3" from [email protected]
          node_modules/gulp
            dev gulp@"^4.0.2" from [email protected]
            vendor/friendsofsymfony/jsrouting-bundle/Resources
              [email protected]
              node_modules/fos-router
                dev fos-router@"file:vendor/friendsofsymfony/jsrouting-bundle/Resources" from the root project
      anymatch@"^2.0.0" from [email protected]
      node_modules/glob-watcher
        glob-watcher@"^5.0.3" from [email protected]
        node_modules/gulp
          dev gulp@"^4.0.2" from [email protected]
          vendor/friendsofsymfony/jsrouting-bundle/Resources
            [email protected]
            node_modules/fos-router
              dev fos-router@"file:vendor/friendsofsymfony/jsrouting-bundle/Resources" from the root project
    micromatch@"^3.0.4" from [email protected]
    node_modules/findup-sync
      findup-sync@"^3.0.0" from [email protected]
      node_modules/liftoff
        liftoff@"^3.1.0" from [email protected]
        node_modules/gulp-cli
          gulp-cli@"^2.2.0" from [email protected]
          node_modules/gulp
            dev gulp@"^4.0.2" from [email protected]
            vendor/friendsofsymfony/jsrouting-bundle/Resources
              [email protected]
              node_modules/fos-router
                dev fos-router@"file:vendor/friendsofsymfony/jsrouting-bundle/Resources" from the root project
    micromatch@"^3.0.4" from [email protected]
    node_modules/matchdep
      matchdep@"^2.0.0" from [email protected]
      node_modules/gulp-cli
        gulp-cli@"^2.2.0" from [email protected]
        node_modules/gulp
          dev gulp@"^4.0.2" from [email protected]
          vendor/friendsofsymfony/jsrouting-bundle/Resources
            [email protected]
            node_modules/fos-router
              dev fos-router@"file:vendor/friendsofsymfony/jsrouting-bundle/Resources" from the root project
    micromatch@"^3.0.4" from [email protected]
    node_modules/matchdep/node_modules/findup-sync
      findup-sync@"^2.0.0" from [email protected]
      node_modules/matchdep
        matchdep@"^2.0.0" from [email protected]
        node_modules/gulp-cli
          gulp-cli@"^2.2.0" from [email protected]
          node_modules/gulp
            dev gulp@"^4.0.2" from [email protected]
            vendor/friendsofsymfony/jsrouting-bundle/Resources
              [email protected]
              node_modules/fos-router
                dev fos-router@"file:vendor/friendsofsymfony/jsrouting-bundle/Resources" from the root project
    micromatch@"^3.1.10" from [email protected]
    node_modules/readdirp
      readdirp@"^2.2.1" from [email protected]
      node_modules/chokidar
        chokidar@"^2.0.0" from [email protected]
        node_modules/glob-watcher
          glob-watcher@"^5.0.3" from [email protected]
          node_modules/gulp
            dev gulp@"^4.0.2" from [email protected]
            vendor/friendsofsymfony/jsrouting-bundle/Resources
              [email protected]
              node_modules/fos-router
                dev fos-router@"file:vendor/friendsofsymfony/jsrouting-bundle/Resources" from the root project
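As an added triage example (not from the issue or the bundle), the parser below walks an `npm why` tree in the shape shown above and reports whether the flagged package is reachable through any production-only path. In the tree here every path to the root passes a `dev` edge (gulp is a devDependency of fos-router, which the root installs from a `file:` path), so braces is pulled in for building the package rather than shipped; the sample tree is constructed and the resolved versions after "from" are illustrative.

```python
import re

# Constructed sample: an abridged `npm why braces` tree shaped like the one in
# the issue above; versions after "from" are illustrative, not from the page.
NPM_WHY_OUTPUT = """\
node_modules/braces
  braces@"^2.3.2" from chokidar@2.1.8
  node_modules/chokidar
    chokidar@"^2.0.0" from glob-watcher@5.0.5
    node_modules/glob-watcher
      glob-watcher@"^5.0.3" from gulp@4.0.2
      node_modules/gulp
        dev gulp@"^4.0.2" from fos-router@0.0.0
        vendor/friendsofsymfony/jsrouting-bundle/Resources
          fos-router@0.0.0
          node_modules/fos-router
            dev fos-router@"file:vendor/friendsofsymfony/jsrouting-bundle/Resources" from the root project
  braces@"^2.3.1" from micromatch@3.1.10
  node_modules/micromatch
    micromatch@"^3.1.4" from anymatch@2.0.0
    node_modules/anymatch
      anymatch@"^2.0.0" from glob-watcher@5.0.5
      node_modules/glob-watcher
        glob-watcher@"^5.0.3" from gulp@4.0.2
        node_modules/gulp
          dev gulp@"^4.0.2" from fos-router@0.0.0
          vendor/friendsofsymfony/jsrouting-bundle/Resources
            fos-router@0.0.0
            node_modules/fos-router
              dev fos-router@"file:vendor/friendsofsymfony/jsrouting-bundle/Resources" from the root project
"""

# One edge line: optional "dev " flag, dependent, requested range, and the
# parent that requested it; a parent of "the root project" closes a path.
EDGE = re.compile(r'^(\s*)(dev )?(\S+)@"[^"]*" from (.+)$')

def dependency_paths(text):
    """Paths from the audited package to the root, as (name, parent, is_dev) edges."""
    stack, paths = [], []
    for m in filter(None, map(EDGE.match, text.splitlines())):  # skips location lines
        depth = len(m.group(1))
        while stack and stack[-1][0] >= depth:  # indentation encodes nesting
            stack.pop()
        stack.append((depth, (m.group(3), m.group(4), bool(m.group(2)))))
        if m.group(4) == "the root project":
            paths.append([edge for _, edge in stack])
    return paths

def production_reachable(paths):
    """True only if some path reaches the root without a devDependency edge."""
    return any(not any(dev for _, _, dev in p) for p in paths)
```

`npm audit --omit=dev` performs the same production-only check against the lockfile; this script is for reasoning about a captured `npm why` transcript like the one pasted in the issue.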
