fix: npm audit fix to resolve vulnerabilities 1 low, 3 moderate, 1 high #108

Merged
trentlarson merged 1 commits from jsnbuchanan/crowd-funder-for-time-pwa:master into master 10 months ago
Owner

Previously an npm audit revealed 14 vulnerabilities (1 low, 12 moderate, 1 high).

I ran npm audit fix to resolve 5 vulnerabilities (1 low, 3 moderate, 1 high).

There are still 9 moderate severity vulnerabilities, but I will work on those independently because they may involve updating to library versions that have breaking changes.

Fixed

- **Severity: moderate** *(follow-redirects <=1.15.5)* follow-redirects' Proxy-Authorization header kept across hosts
  see https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
- **Severity: moderate** *(ip <1.1.9)* NPM IP package incorrectly identifies some private IP addresses as public
  see https://github.com/advisories/GHSA-78xj-cgh5-2h22
- **Severity: moderate** *(jose 3.0.0 - 4.15.4)* jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
  see https://github.com/advisories/GHSA-hhhv-q57g-882q
- **Severity: low** *(undici <=5.28.2)* Undici proxy-authorization header not cleared on cross-origin redirect in fetch
  see https://github.com/advisories/GHSA-3787-6prv-h9w3
- **Severity: high** *(webpack-dev-middleware <=5.3.3)* Path traversal in webpack-dev-middleware
  see https://github.com/advisories/GHSA-wr3j-pwj9-hqq6

jsnbuchanan added 1 commit 10 months ago
7ce00b86e8
deps: npm audit fix to resolve vulnerabilities 1 low, 3 moderate, 1 high
jsnbuchanan requested review from trentlarson 10 months ago
trentlarson merged commit cc6d0958dc into master 10 months ago
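
A reviewer can confirm that a lockfile no longer resolves any version in the ranges listed under "Fixed", including nested transitive copies. The following is an added example, not code from this pull request or repository; the function names and the sample lockfile are constructed, and the ranges are only those quoted in the description above (the linked advisories are the authority on full affected ranges).

```javascript
// Added example: ranges transcribed from the "Fixed" list in this pull request.
// Compare two x.y.z versions numerically; pre-release tags are ignored (assumption).
function cmp(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

const ADVISORIES = [
  { name: "follow-redirects", ghsa: "GHSA-cxjh-pqwp-8mfp", vulnerable: (v) => cmp(v, "1.15.5") <= 0 },
  { name: "ip", ghsa: "GHSA-78xj-cgh5-2h22", vulnerable: (v) => cmp(v, "1.1.9") < 0 },
  { name: "jose", ghsa: "GHSA-hhhv-q57g-882q",
    vulnerable: (v) => cmp(v, "3.0.0") >= 0 && cmp(v, "4.15.4") <= 0 },
  { name: "undici", ghsa: "GHSA-3787-6prv-h9w3", vulnerable: (v) => cmp(v, "5.28.2") <= 0 },
  { name: "webpack-dev-middleware", ghsa: "GHSA-wr3j-pwj9-hqq6", vulnerable: (v) => cmp(v, "5.3.3") <= 0 },
];

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
// Keys are install paths, so nested copies of a package are checked too.
function findVulnerable(lock) {
  const marker = "node_modules/";
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf(marker);
    if (i < 0 || !entry.version) continue; // root project or workspace entry
    const name = path.slice(i + marker.length);
    for (const adv of ADVISORIES) {
      if (adv.name === name && adv.vulnerable(entry.version)) {
        findings.push({ path, name, version: entry.version, ghsa: adv.ghsa });
      }
    }
  }
  return findings;
}

// Constructed sample: top-level packages are patched, one nested copy of ip is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "0.0.0" },
    "node_modules/follow-redirects": { version: "1.15.6" },
    "node_modules/jose": { version: "4.15.5" },
    "node_modules/undici": { version: "5.28.4" },
    "node_modules/webpack-dev-middleware": { version: "5.3.4" },
    "node_modules/some-dep/node_modules/ip": { version: "1.1.8" },
  },
};
console.log(findVulnerable(sampleLock));
```

For a real project, pass the parsed contents of `package-lock.json` to `findVulnerable` in place of `sampleLock`.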
