Commit 4c92efe

committed
Tweaks
1 parent eb678af commit 4c92efe

2 files changed

+27
-16
lines changed

Binary file not shown.

frontend/asset_mapper.rst

Lines changed: 27 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1043,30 +1043,41 @@ This will force the AssetMapper component to re-calculate the content of all fil
10431043
Run Security Audits on Your Dependencies
10441044
----------------------------------------
10451045

1046-
Just like ``npm`` and ``yarn``, the AssetMapper component comes bundled with a
1047-
command allowing you to quickly have a look at security vulnerability advisories
1048-
that may exist in the dependencies you're using in your application:
1046+
Similar to ``npm`` and ``yarn``, the AssetMapper component comes bundled with a
1047+
command that checks security vulnerabilities in the dependencies of your application:
10491048

10501049
.. code-block:: terminal
10511050
10521051
$ php bin/console importmap:audit
10531052
1054-
This command will result in an output similar to this:
1055-
1056-
.. image:: /_images/components/assetmapper/01-importmap-audit.png
1057-
:alt: Console output showing a table of security vulnerabilities that exist
1058-
in the dependencies used in the application.
1059-
1060-
Additionally, the command takes a ``--format`` option to chose in which format
1061-
the output should be. The values supported by this options are the following:
1062-
1063-
* ``txt``
1064-
* ``json``
1053+
-------- --------------------------------------------- --------- ------- ---------- -----------------------------------------------------
1054+
Severity Title Package Version Patched in More info
1055+
-------- --------------------------------------------- --------- ------- ---------- -----------------------------------------------------
1056+
Medium jQuery Cross Site Scripting vulnerability jquery 3.3.1 3.5.0 https://api.github.com/advisories/GHSA-257q-pV89-V3xv
1057+
Medium Potential XSS vulnerability in jQuery jquery 3.3.1 3.5.0 https://api.github.com/advisories/GHSA-jpcq-cgw6-v4j6
1058+
Medium Potential XSS vulnerability in jQuery jquery 3.3.1 3.5.0 https://api.github.com/advisories/GHSA-gxr4-xjj5-5px2
1059+
Medium XSS in jQuery as used in Drupal, etc. jquery 3.3.1 3.4.0 https://api.github.com/advisories/GHSA-6c3j-c64m-qhgg
1060+
Medium Prototype Pollution in jQuery jquery 3.3.1 3.4.0 https://api.github.com/advisories/GHSA-wV67-q8rr-grjp
1061+
High Prototype Pollution in JSON5 via Parse Method json5 1.0.0 1.0.2 https://api.github.com/advisories/GHSA-9c47-m6qq-7p4h
1062+
Medium semver vulnerable to RegExp Denial of Service semver 4.3.0 5.7.2 https://api.github.com/advisories/GHSA-c2qf-rxjj-qqgw
1063+
High RegExp Denial of Service in sever semver 4.3.0 4.3.2 https://api.github.com/advisories/GHSA-X6fg-f45m-jf5g
1064+
Critical Prototype Pollution in minimist minimist 1.1.3 1.2.6 https://api.github.com/advisories/GHSA-xvch-5gv4-984h
1065+
Medium Prototype Pollution in minimist minimist 1.1.3 1.2.3 https://api.github.com/advisories/GHSA-vh95-rmgr-6w4m
1066+
Medium ESLint dependencies are vulnerable minimist 1.1.3 1.2.2 https://api.github.com/advisories/GHSA-7fhm-mqm4-2wp7
1067+
Medium Bootstrap Vulnerable to Cross-Site Scripting bootstrap 4.1.3 4.3.1 https://api.github.com/advisories/GHSA-9v3M-8fp8-mi99
1068+
-------- --------------------------------------------- --------- ------- ---------- -----------------------------------------------------
1069+
1070+
7 packages found: 7 audited / 0 skipped
1071+
12 vulnerabilities found: 1 Critical / 2 High / 9 Medium
10651072
10661073
The command will return the ``0`` exit code if no vulnerability is found, or
10671074
the ``-1`` exit code otherwise. This means that you can seamlessly integrate this
1068-
command as part of your CI to be warned anytime a new vulnerability is found
1069-
in the packages you use.
1075+
command as part of your CI to be warned anytime a new vulnerability is found.
1076+
1077+
.. tip::
1078+
1079+
The command takes a ``--format`` option to choose the output format between
1080+
``txt`` and ``json``.
10701081

10711082
.. versionadded:: 6.4
10721083
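
Review bot: the CI sentence that this hunk rewords (new lines 1073-1075) still tells readers the command returns ``-1`` when vulnerabilities are found, but on POSIX systems a process exit status is truncated to 8 bits, so a CI shell will observe 255 rather than -1. Since the sentence is being touched anyway, consider wording it as "a non-zero exit code" so nobody writes a pipeline check that compares against -1 and silently never fires. Separately, in the sample output at +1063 the title "RegExp Denial of Service in sever" reads like a typo for "semver"; it is worth confirming against the advisory text before it is committed as reference output.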
