I created a simple Expo app for iOS and Android. I'm trying to configure Realtime Database, and after adding the dependencies I ran: npx expo install. Now I have 9 vulnerabilities (6 moderate, 3 high), maybe because of some old version:
#npm audit report
lodash.trim *
Severity: moderate
Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9
No fix available
node_modules/lodash.trim
montage >=0.14.12
Depends on vulnerable versions of lodash.trim
Depends on vulnerable versions of q-io
node_modules/montage
qs <=6.2.3
Severity: high
Prototype Pollution Protection Bypass in qs - https://github.com/advisories/GHSA-gqgv-6jq5-jjj9
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix`
node_modules/q-io/node_modules/qs
q-io >=1.3.0
Depends on vulnerable versions of qs
node_modules/q-io
semver 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/@expo/image-utils/node_modules/semver
@expo/image-utils <=0.0.1-canary-20240109-93608d8 || >=0.3.10-alpha.0
Depends on vulnerable versions of semver
node_modules/@expo/image-utils
@expo/cli <=0.0.0-canary-20231123-1b19f96-4 || >=0.0.1-canary-20231125-d600e44
Depends on vulnerable versions of @expo/image-utils
Depends on vulnerable versions of @expo/prebuild-config
node_modules/@expo/cli
expo 50.0.0-alpha.0 - 50.0.14
Depends on vulnerable versions of @expo/cli
@expo/prebuild-config *
Depends on vulnerable versions of @expo/image-utils
node_modules/@expo/prebuild-config
I have the latest version of Expo and Node. Are these vulnerabilities that could cause problems in my app?
I hope I can continue creating my app.