npm install is showing vulnaribility due to class-validator ^0.13.1

Hello
Whenever I am running npm install, I am getting critical severity vulnerabilities. npm audit fix --force rollback express-sharp to 3.1.1, however, it again shows vulnerabilities there for other packages. Currently, I am in a loop and cannot solve this. Can someone please help me here to solve this? 

Any help or guidance is much appreciated. Thanks in advance.

**Error when express-sharp 4.2.41 is used:**
```
class-validator  <0.14.0
Severity: critical
SQL Injection and Cross-site Scripting in class-validator - https://github.com/advisories/GHSA-fj58-h2fr-3pp2
fix available via `npm audit fix --force`
Will install express-sharp@3.1.1, which is a breaking change
node_modules/class-validator
  express-sharp  >=4.0.1
  Depends on vulnerable versions of class-validator
  node_modules/express-sharp

2 critical severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
```

<img width="637" alt="image" src="https://user-images.githubusercontent.com/25023996/222315878-e4744bd7-b588-4f48-9a8c-522abd3b6747.png">


**Error when express-sharp 3.1.1 is used:**
```

# npm audit report

got  <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix --force`
Will install express-sharp@4.2.41, which is a breaking change
node_modules/got
  express-sharp  <=4.2.40
  Depends on vulnerable versions of express-validator
  Depends on vulnerable versions of got
  Depends on vulnerable versions of sharp
  node_modules/express-sharp

sharp  <0.30.5
Severity: moderate
sharp vulnerable to Command Injection in post-installation over build environment - https://github.com/advisories/GHSA-gp95-ppv5-3jc5
fix available via `npm audit fix --force`
Will install express-sharp@4.2.41, which is a breaking change
node_modules/sharp

validator  <13.7.0
Severity: moderate
Inefficient Regular Expression Complexity in validator.js - https://github.com/advisories/GHSA-qgmg-gppg-76g5
fix available via `npm audit fix --force`
Will install express-sharp@4.2.41, which is a breaking change
node_modules/express-sharp/node_modules/validator
  express-validator  0.2.0 - 6.4.1
  Depends on vulnerable versions of validator
  node_modules/express-sharp/node_modules/express-validator

5 moderate severity vulnerabilities
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

npm install is showing vulnaribility due to class-validator ^0.13.1 #595

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

npm install is showing vulnaribility due to class-validator ^0.13.1 #595

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions