Multiple vulnerabilities in outdated packages #32

@pumano

Currently trymodule contains 41 vulnerabilities (35 moderate, 6 high) due to outdated packages. @victorb, please update the packages.

List of outdated packages with vulnerabilities:

Severity: Moderate
Type: ReDoS
Package brace-expansion
Patched in >=1.1.7
Dependency of trymodule
Path trymodule > npmi > npm > fs-vacuum > rimraf > glob > minimatch > brace-expansion
Path trymodule > npmi > npm > fstream-npm > fstream-ignore > minimatch > brace-expansion
Path trymodule > npmi > npm > node-gyp > fstream > rimraf > glob > minimatch > brace-expansion
More info https://nodesecurity.io/advisories/338

Severity: Moderate
Type: Prototype pollution
Package hoek
Patched in > 4.2.0 < 5.0.0 || >= 5.0.3
Dependency of trymodule
Path trymodule > npmi > npm > node-gyp > request > hawk > boom > hoek
Path trymodule > npmi > npm > node-gyp > request > hawk > cryptiles > boom > hoek
Path trymodule > npmi > npm > node-gyp > request > hawk > hoek
Path trymodule > npmi > npm > node-gyp > request > hawk > sntp > hoek
Path trymodule > npmi > npm > npm-registry-client > request > hawk > boom > hoek
Path trymodule > npmi > npm > npm-registry-client > request > hawk > cryptiles > boom > hoek
Path trymodule > npmi > npm > npm-registry-client > request > hawk > hoek
Path trymodule > npmi > npm > npm-registry-client > request > hawk > sntp > hoek
Path trymodule > npmi > npm > request > hawk > boom > hoek
Path trymodule > npmi > npm > request > hawk > cryptiles > boom > hoek
Path trymodule > npmi > npm > request > hawk > hoek
Path trymodule > npmi > npm > request > hawk > sntp > hoek
More info https://nodesecurity.io/advisories/566

Severity: High
Type: Regular Expression Denial of Service
Package sshpk
Patched in >=1.13.2 < 1.14.0 || >=1.14.1
Dependency of trymodule
Path trymodule > npmi > npm > node-gyp > request > http-signature > sshpk
Path trymodule > npmi > npm > npm-registry-client > request > http-signature > sshpk
Path trymodule > npmi > npm > request > http-signature > sshpk
More info https://nodesecurity.io/advisories/606

Severity: High
Type: Regular Expression Denial of Service
Package tough-cookie
Patched in >=2.3.3
Dependency of trymodule
Path trymodule > npmi > npm > node-gyp > request > tough-cookie
Path trymodule > npmi > npm > npm-registry-client > request > tough-cookie
Path trymodule > npmi > npm > request > tough-cookie
More info https://nodesecurity.io/advisories/525

Severity: Moderate
Type: Memory Exposure
Package tunnel-agent
Patched in >=0.6.0
Dependency of trymodule
Path trymodule > npmi > npm > node-gyp > request > tunnel-agent
Path trymodule > npmi > npm > npm-registry-client > request > tunnel-agent
Path trymodule > npmi > npm > request > tunnel-agent
More info https://nodesecurity.io/advisories/598

Severity: Moderate
Type: Out-of-bounds Read
Package stringstream
Patched in >=0.0.6
Dependency of trymodule
Path trymodule > npmi > npm > node-gyp > request > stringstream
Path trymodule > npmi > npm > npm-registry-client > request > stringstream
Path trymodule > npmi > npm > request > stringstream
More info https://nodesecurity.io/advisories/664
