I am trying to install the test helpers according to https://docs.openzeppelin.com/test-helpers/0.5/
And I'm getting the following vulnerabilities
Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
Low Insecure Credential Storage
Package web3
Patched in No patch available
Dependency of @openzeppelin/test-helpers [dev]
Path @openzeppelin/test-helpers > @truffle/contract >
@truffle/interface-adapter > web3
More info https://npmjs.com/advisories/877
Low Insecure Credential Storage
Package web3
Patched in No patch available
Dependency of @openzeppelin/test-helpers [dev]
Path @openzeppelin/test-helpers > @truffle/contract > web3
More info https://npmjs.com/advisories/877
Low Insecure Credential Storage
Package web3
Patched in No patch available
Dependency of @openzeppelin/test-helpers [dev]
Path @openzeppelin/test-helpers > web3
More info https://npmjs.com/advisories/877
Low Denial of Service
Package mem
Patched in >=4.0.0
Dependency of @openzeppelin/test-helpers [dev]
Path @openzeppelin/test-helpers > @truffle/contract >
@ensdomains/ensjs > @ensdomains/ens > ethereumjs-testrpc >
webpack > yargs > os-locale > mem
More info https://npmjs.com/advisories/1084
Low Prototype Pollution
Package yargs-parser
Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
Dependency of @openzeppelin/test-helpers [dev]
Path @openzeppelin/test-helpers > @truffle/contract >
@ensdomains/ensjs > @ensdomains/ens > ethereumjs-testrpc >
webpack > yargs > yargs-parser
More info https://npmjs.com/advisories/1500
Low Prototype Pollution
Package yargs-parser
Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
Dependency of @openzeppelin/test-helpers [dev]
Path @openzeppelin/test-helpers > @truffle/contract >
@ensdomains/ensjs > @ensdomains/ens > solc > yargs >
yargs-parser
More info https://npmjs.com/advisories/1500
Moderate Use of a Broken or Risky Cryptographic Algorithm
Package elliptic
Patched in >=6.5.4
Dependency of @openzeppelin/test-helpers [dev]
Path @openzeppelin/test-helpers > @truffle/contract >
@ensdomains/ensjs > @ensdomains/ens > ganache-cli >
ethereumjs-util > elliptic
More info https://npmjs.com/advisories/1648
Moderate Use of a Broken or Risky Cryptographic Algorithm
Package elliptic
Patched in >=6.5.4
Dependency of @openzeppelin/test-helpers [dev]
Path @openzeppelin/test-helpers > @truffle/contract >
@ensdomains/ensjs > @ensdomains/ens > ganache-cli >
ethereumjs-util > ethereum-cryptography > secp256k1 >
elliptic
More info https://npmjs.com/advisories/1648
** High Prototype Pollution**
** Package y18n**
** Patched in >=5.0.5||>=4.0.1 <5.0.0||>=3.2.2 <4.0.0**
** Dependency of @openzeppelin/test-helpers [dev]**
** Path @openzeppelin/test-helpers > @truffle/contract >**
** @ensdomains/ensjs > @ensdomains/ens > ganache-cli > yargs >**
** y18n**
** More info https://npmjs.com/advisories/1654**
Moderate Regular expression denial of service
Package glob-parent
Patched in >=5.1.2
Dependency of @openzeppelin/test-helpers [dev]
Path @openzeppelin/test-helpers > @truffle/contract >
@ensdomains/ensjs > @ensdomains/ens > ethereumjs-testrpc >
webpack > watchpack > watchpack-chokidar2 > chokidar >
glob-parent
More info https://npmjs.com/advisories/1751
I know when working with nodes usually are raised lot of warnings and errors, but since it's a High vulnerability and it's a matter of security I want to double check that I can keep going.
I've re-installed ganache, truffle, hardhat, y18n, yargs and npm but it's still the same warnings.
Environment
ganache-cli@6.12.2
truffle@5.4.11
hardhat@2.6.4
npm@6.14.15
y18n@6.14.15
yargs@7.24.0
windows10
Should I pay attention or just keep going?
Thank you and have a nice day
