advisories | Advisories and Proofs of Concept by BlackArrow | Security Testing library

symfony-cmd is a part of Symfony Flex. Your composer.json does not contain any requirement for Flex, so running composer require symfony/flex might resolve that problem.

As has been commented in the comments section, the issue has been solved by moving the project folder outside the OneDrive directory.

Because it's a synchronized cloud folder, as soon as you install/add/delete/update anything, it's being updated in the OneDrive cloud so the file/folder it's being used in the background and potentially unreachable. If at this time you try to develop the project (gatsby develop or gatsby build) and the file is being used, you won't be able to run it.

I don't think it's a good practice to use a cloud folder because the amount of data synchronized (mainly because of the node_modules) it's something to care about (it's also ignored in the .gitignore for a reason) so moving it to any other folder outside the OneDrive directory should be enough to run your project because the rest of global dependencies, according to your logs, were successfully installed.

As the output states, it cannot automatically fix it:

You should upgrade nokogiri to the latest possible for your project, especially when dealing with security issues. There are some caveats to this particular advisory, so you might not be vulnerable, but when dealing with security it's better to be overly cautious.

The note on Wikipedia refers to the MRI CRuby implementation as opposed to the others (like jruby).

It seems like you want to use these advisories within Python, or maybe reformat and print them out.

The most important thing to understand is that json.load will do all the work for you here, so you don't have to use re or readlines.

Here's an example:

Your build tool should be pulling in OkHttp’s transitive dependencies, Okio and Kotlin-stdlib. It appears from this stacktrace that the Kotlin stdlib is either outdated or absent? Update that and this crash should be fixed.

As I did not tried by myself, I firstly though the Advisory topics are treated as other topics but it seems not to be the case as explained in this post

The documentation on the Advisory topics does not mentions this and the above post is written by an ActiveMQ developer which seems to be a reliable source.

When connecting to Advisory topics, you have to be careful if you have authorization in place: you must give read/write access to all clients to the Advisory Topics like said in the security doc. This SO question relates exactly the issue you can have by not configuring properly the security.

On your side, I would recommend to create a network of broker with e.g. a Docker Compose and test it locally.

Further useful readings:

• https://activemq.apache.org/networks-of-brokers.html#NetworksofBrokers-Networksofbrokersandadvisories
• https://dzone.com/articles/how-monitor-activemq-networks
• https://dzone.com/articles/active-mq-network-brokers
• https://blog.christianposta.com/activemq/from-inside-the-code-activemq-network-bridges-and-demand-forward-subscriptions
• https://activemq.apache.org/advisory-message.html
• https://activemq.apache.org/components/cms/tutorials/handling-advisory-messages
• https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/ensuring-effective-amazon-mq-performance.html#network-of-brokers-configure-correctly

I'm afraid you just have to put up with the vulnerabilities. Angular has a very strict set of dependencies, and in changing the versions of those dependencies you've broken your app.

Make sure you keep updating your Angular project as often as is feasible, as the Angular team regularly update Angular's dependencies to mitigate these issues.

I had the same problem with literally the exact same number of vulnerabilities.

Check out the solution here