gatsby-source-contentful vulnerabilities

Question

# npm audit report

utils-extend  *
Severity: high
Prototype Pollution - https://npmjs.com/advisories/1502
No fix available
node_modules/utils-extend
  ajax-request  >=1.0.1
  Depends on vulnerable versions of utils-extend
  node_modules/ajax-request
    base64-img  *
    Depends on vulnerable versions of ajax-request
    Depends on vulnerable versions of file-system
    node_modules/base64-img
      gatsby-source-contentful  1.0.0-beta.4 - 1.0.0-beta.6 || >=1.0.0-beta.3-alpha.15f49df0
      Depends on vulnerable versions of base64-img
      node_modules/gatsby-source-contentful
  file-match  *
  Depends on vulnerable versions of utils-extend
  node_modules/file-match
    file-system  >=1.2.3
    Depends on vulnerable versions of file-match
    Depends on vulnerable versions of utils-extend
    node_modules/file-system

6 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.`

I tried configuring this plugin with gatsby to render blog pages from contentful cms .

 node -v
v15.0.1

what might be the possible solution of this vulnerability ? No fix available and severity is high . Also I think base64-img is the vulnerable file .

I searched about this issue but just got this https://stackoverflow.com/a/52140004/8674655 . — Naman Jain, Oct 25 '20 at 09:50

gatsby-source-contentful vulnerabilities

0 Answers0