
Unable to install dependencies  #69

@oxodi

Good evening,

I am reporting that it is not possible to install the NPM dependencies, because some of them have severe vulnerabilities.

Steps to reproduce the error:

  • npm install

```
svg2png *
Severity: moderate
XSS in svg2png (NPM package) - GHSA-mpp5-2x55-49xw
Depends on vulnerable versions of yargs
No fix available
node_modules/svg2png
icon-gen <=2.1.0
Depends on vulnerable versions of svg2png
node_modules/icon-gen
electron-icon-builder *
Depends on vulnerable versions of icon-gen
Depends on vulnerable versions of jimp
node_modules/electron-icon-builder

yargs-parser <=5.0.0
Severity: moderate
Prototype Pollution in yargs-parser - GHSA-p9pc-299p-vxgp
No fix available
node_modules/svg2png/node_modules/yargs-parser
yargs 4.0.0-alpha1 - 7.0.0-alpha.3 || 7.1.1
Depends on vulnerable versions of yargs-parser
node_modules/svg2png/node_modules/yargs
svg2png *
Depends on vulnerable versions of yargs
node_modules/svg2png
icon-gen <=2.1.0
Depends on vulnerable versions of svg2png
node_modules/icon-gen
electron-icon-builder *
Depends on vulnerable versions of icon-gen
Depends on vulnerable versions of jimp
node_modules/electron-icon-builder

43 vulnerabilities (14 moderate, 26 high, 3 critical)
```
