Dependency on compromised packages #7365

@ksdme

Description

Related to debug-js/debug#1005 (comment)

# npm audit report

color-convert  *
Severity: critical
Malware in color-convert - https://github.com/advisories/GHSA-ch7m-m9rf-8gvv
Depends on vulnerable versions of color-name
fix available via `npm audit fix --force`
Will install rxdb@13.10.1, which is a breaking change
node_modules/color-convert
  ansi-styles  3.0.0 - 4.3.0
  Depends on vulnerable versions of color-convert
  node_modules/ansi-styles
    wrap-ansi  4.0.0 - 7.0.0
    Depends on vulnerable versions of ansi-styles
    node_modules/wrap-ansi
      cliui  5.0.0 - 8.0.1
      Depends on vulnerable versions of wrap-ansi
      node_modules/cliui
        yargs  13.2.4 - 17.7.2
        Depends on vulnerable versions of cliui
        node_modules/yargs
          @grpc/proto-loader  >=0.6.0-pre1
          Depends on vulnerable versions of yargs
          node_modules/@grpc/proto-loader
            @firebase/firestore  <=0.0.900-exp.f43d0c698 || 2.3.7-202151602035 - 2.3.7-canary.f6e1645ef || >=2.3.8-20216122160
            Depends on vulnerable versions of @grpc/grpc-js
            Depends on vulnerable versions of @grpc/proto-loader
            node_modules/@firebase/firestore
              @firebase/firestore-compat  *
              Depends on vulnerable versions of @firebase/firestore
              node_modules/@firebase/firestore-compat
                firebase  0.900.22 || 7.9.1-0 - 7.9.1-canary.0396117e || 8.6.8-202151602035 - 8.6.8-canary.f6e1645ef || >=8.7.0-20216122160
                Depends on vulnerable versions of @firebase/firestore
                Depends on vulnerable versions of @firebase/firestore-compat
                node_modules/firebase
                  rxdb  >=13.11.0
                  Depends on vulnerable versions of firebase
                  Depends on vulnerable versions of simple-peer
                  node_modules/rxdb
            @grpc/grpc-js  1.1.5 - 1.1.8 || >=1.4.0
            Depends on vulnerable versions of @grpc/proto-loader
            node_modules/@grpc/grpc-js

color-name  *
Severity: critical
Malware in color-name - https://github.com/advisories/GHSA-m99c-cfww-cxqx
fix available via `npm audit fix --force`
Will install rxdb@13.10.1, which is a breaking change
node_modules/color-name
