# npm audit report

elliptic  <6.5.4
Severity: moderate
Use of a Broken or Risky Cryptographic Algorithm - https://npmjs.com/advisories/1648
fix available via `npm audit fix`
node_modules/elliptic

ini  <1.3.6
Prototype Pollution - https://npmjs.com/advisories/1589
fix available via `npm audit fix`
node_modules/ini

node-forge  <=0.9.2
Severity: high
Prototype Pollution in node-forge - https://npmjs.com/advisories/1561
fix available via `npm audit fix`
node_modules/node-forge
  selfsigned  1.1.1 - 1.10.7
  Depends on vulnerable versions of node-forge
  node_modules/selfsigned

serialize-javascript  <=3.0.0
Severity: high
Cross-Site Scripting - https://npmjs.com/advisories/1426
Remote Code Execution - https://npmjs.com/advisories/1548
fix available via `npm audit fix --force`
Will install copy-webpack-plugin@8.1.1, which is a breaking change
node_modules/copy-webpack-plugin/node_modules/serialize-javascript
  copy-webpack-plugin  4.3.0 - 5.0.4
  Depends on vulnerable versions of serialize-javascript
  node_modules/copy-webpack-plugin

y18n  <3.2.2||=4.0.0||>=5.0.0 <5.0.5
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1654
fix available via `npm audit fix`
node_modules/y18n

7 vulnerabilities (1 low, 2 moderate, 4 high)

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force
