5 high severity vulnerabilities - NPM v. 7.17.0

Taxick · June 11, 2021, 12:19pm

Hi

I have just updated my NPM version from npm 6 to 7 on my ghost installation.

The version I’m running now is: 7.17.0

I have used this command “sudo npm install -g npm@latest” to update NPM

But now if I running the command to update ghost-cli with this command: “sudo npm install -g ghost-cli@latest”

I get this warning:

sudo npm install -g ghost-cli@latest

changed 419 packages, and audited 420 packages in 11s

29 packages are looking for funding
run npm fund for details

5 high severity vulnerabilities

To address all issues (including breaking changes), run:
npm audit fix --force

Run npm audit for details.

The command “npm audit fix --force” doesn’t fix the warning!

Will I have to be worried about the warning? and what did it mean?

EDIT-1:

If I’m running this command: “npm audit” I’m getting this output
found 0 vulnerabilities

EDIT-2:

Ghost-CLI version: 1.17.3
Ghost version: 4.7.0 (at /var/www/ghost)
Node version: v14.17.0
Site: https://www.futurenode.dk

Thanks

Thomas

vikaspotluri123 · June 11, 2021, 4:53pm

In this specific instance, there’s no action required from you, some of the cli dependencies have reported security issues which may or may not actually impact the cli

Taxick · June 11, 2021, 5:10pm

Thanks

Topic		Replies	Views
Unable to update Ghost CLI Developer help	3	89	September 11, 2024
Supported npm versions Developer help	3	344	March 4, 2021
Ghost-CLI wont update from 1.17.1 to 1.17.3! Developer help	13	1384	June 4, 2021
Node v. 14.16.1 makes warnings Developer help	3	607	May 11, 2021
Hoping for some server/site maintence pointers Self-hosting	0	329	March 17, 2023

5 high severity vulnerabilities - NPM v. 7.17.0

Related topics