Make sure all dependencies are up to date #3

Closed
nickhamze opened this issue Jan 21, 2020 · 7 comments

Comments

@nickhamze
Member

GitHub says one of the dependencies is vulnerable. Can we make sure they are all up to date?

@seb86
Collaborator

seb86 commented Jan 21, 2020

Which one?

@nickhamze
Member Author

nickhamze commented Jan 21, 2020

WS-2018-0236 More information
moderate severity
Vulnerable versions: < 4.0.0
Patched version: 4.0.0
In nodejs-mem before version 4.0.0 there is a memory leak due to old results not being removed from the cache despite reaching maxAge. Exploitation of this can lead to exhaustion of memory and subsequent denial of service.

@seb86
Collaborator

seb86 commented Jan 21, 2020

I will see if I can override it. A lot of the packages are handled via this script. https://github.com/ahmadawais/create-guten-block
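
Added example, not part of the thread or the project's code: a lockfile check that lists every installed copy of `mem` below the patched 4.0.0 named in the advisory above, which shows which nested install an override would need to reach. The lockfile objects and the `tool-a` package name are constructed for illustration, and the version comparison ignores prerelease tags.

```javascript
// Compare dotted numeric versions (major.minor.patch); prerelease tags are ignored.
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0;
  }
  return false;
}

// Returns [{ path, version }] for each installed copy of `name` older than `patched`.
function findVulnerable(lock, name, patched) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const isTarget = key.split('node_modules/').pop() === name;
    if (isTarget && meta.version && lessThan(meta.version, patched)) {
      hits.push({ path: key, version: meta.version });
    }
  }
  if (lock.packages) return hits;
  // lockfileVersion 1: nested "dependencies" trees mirror nested installs.
  (function walk(deps, trail) {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = trail.concat(dep);
      if (dep === name && meta.version && lessThan(meta.version, patched)) {
        hits.push({ path: path.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, path);
    }
  })(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (hypothetical package "tool-a").
const sampleV1 = { lockfileVersion: 1, dependencies: {
  'tool-a': { version: '1.0.0', dependencies: { mem: { version: '1.1.0' } } },
  mem: { version: '4.3.0' },
} };
const sampleV2 = { lockfileVersion: 2, packages: {
  '': { name: 'demo' },
  'node_modules/mem': { version: '4.0.0' },
  'node_modules/tool-a/node_modules/mem': { version: '3.9.9' },
} };

console.log(findVulnerable(sampleV1, 'mem', '4.0.0'));
console.log(findVulnerable(sampleV2, 'mem', '4.0.0'));
```
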

@nickhamze
Member Author

I don't know what the differences are or anything, but JR is porting all my old blocks over to something called WP Scripts instead of CGB:
sortabrilliant/ghostwriter@4ac97ac
https://developer.wordpress.org/block-editor/packages/packages-scripts/

@seb86
Collaborator

seb86 commented Jan 21, 2020

Cool. I will look into porting over once I have made the requested tweaks and tested more.

@nickhamze
Member Author

Sounds good. I'm so excited. I can't wait to see how people react.

@nickhamze
Member Author

I found out about this today too. Supposed to make creating blocks really easy:
WordPress/gutenberg#19773


2 participants