Security updates #6
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This update was performed by running `npm audit fix`. `npm audit` results: ``` @adobe/css-tools <=4.3.1 Severity: moderate @adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS - GHSA-hpx4-r86g-5jrg @adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity - GHSA-prr3-c3m5-p7q2 fix available via `npm audit fix` node_modules/@adobe/css-tools axios 1.0.0 - 1.5.1 Severity: moderate Axios Cross-Site Request Forgery Vulnerability - GHSA-wf5p-g6vw-rhxx fix available via `npm audit fix` node_modules/axios crypto-js <4.2.0 Severity: critical crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard - GHSA-xwcq-pm8m-c4vf fix available via `npm audit fix` node_modules/crypto-js express <4.19.2 Severity: moderate Express.js Open Redirect in malformed URLs - GHSA-rv95-896h-c2vc fix available via `npm audit fix` node_modules/express follow-redirects <=1.15.5 Severity: moderate Follow Redirects improperly handles URLs in the url.parse() function - GHSA-jchw-25xp-jwwc follow-redirects' Proxy-Authorization header kept across hosts - GHSA-cxjh-pqwp-8mfp fix available via `npm audit fix` node_modules/follow-redirects graphql 16.3.0 - 16.8.0 Severity: moderate graphql Uncontrolled Resource Consumption vulnerability - GHSA-9pv7-vfvm-6vr7 fix available via `npm audit fix` node_modules/graphql semver <5.7.2 || >=6.0.0 <6.3.1 Severity: moderate semver vulnerable to Regular Expression Denial of Service - GHSA-c2qf-rxjj-qqgw semver vulnerable to Regular Expression Denial of Service - GHSA-c2qf-rxjj-qqgw fix available via `npm audit fix` node_modules/@babel/core/node_modules/semver node_modules/@babel/eslint-parser/node_modules/semver node_modules/@babel/helper-compilation-targets/node_modules/semver node_modules/@babel/helper-create-class-features-plugin/node_modules/semver node_modules/eslint-plugin-import/node_modules/semver node_modules/eslint-plugin-jsx-a11y/node_modules/semver node_modules/eslint-plugin-node/node_modules/semver node_modules/eslint-plugin-react/node_modules/semver node_modules/make-dir/node_modules/semver node_modules/normalize-package-data/node_modules/semver node_modules/npm-run-all/node_modules/semver tar <6.2.1 Severity: moderate Denial of service while parsing a tar file due to lack of folders count validation - GHSA-f5x3-32g6-xq36 fix available via `npm audit fix` node_modules/tar vite 4.0.0 - 4.5.2 Severity: moderate Vite's `server.fs.deny` did not deny requests for patterns with directories. - GHSA-8jhw-289h-jh2g fix available via `npm audit fix` node_modules/@vanilla-extract/integration/node_modules/vite node_modules/vite-node/node_modules/vite word-wrap <1.2.4 Severity: moderate word-wrap vulnerable to Regular Expression Denial of Service - GHSA-j8xg-fqg3-53r7 fix available via `npm audit fix` node_modules/word-wrap zod <=3.22.2 Zod denial of service vulnerability - GHSA-m95q-7qp3-xv42 fix available via `npm audit fix` node_modules/zod 11 vulnerabilities (1 low, 9 moderate, 1 critical) ```
jaidetree
approved these changes
Apr 24, 2024
jmezzacappa
added a commit
that referenced
this pull request
Apr 24, 2024
The format introduced in PR #6 is causing a build failure
jmezzacappa
added a commit
that referenced
this pull request
Apr 24, 2024
The format introduced in PR #6 is causing a build failure
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
npm audit fix(see commit log for npm audit report)