fix: npm audit fix to resolve vulnerabilities 1 low, 3 moderate, 1 high #108

Merged
trentlarson merged 1 commits from jsnbuchanan/crowd-funder-for-time-pwa:master into master 8 months ago
Owner

Previously an npm audit revealed 14 vulnerabilities (1 low, 12 moderate, 1 high)

I ran npm audit fix to resolve 5 vulnerabilities (1 low, 3 moderate, 1 high).

There are still 9 moderate severity vulnerabilities, but I will work on those independentally because they may involve updating to library version that have breaking changes.

Fixed

Previously an `npm audit` revealed `14 vulnerabilities (1 low, 12 moderate, 1 high)` I ran `npm audit fix` to resolve `5 vulnerabilities (1 low, 3 moderate, 1 high)`. There are still `9 moderate severity vulnerabilities`, but I will work on those independentally because they may involve updating to library version that have breaking changes. # Fixed - **Severity: moderate** *(follow-redirects <=1.15.5)* follow-redirects' Proxy-Authorization header kept across hosts see https://github.com/advisories/GHSA-cxjh-pqwp-8mfp - **Severity: moderate** *(ip <1.1.9)* NPM IP package incorrectly identifies some private IP addresses as public see https://github.com/advisories/GHSA-78xj-cgh5-2h22 - **Severity: moderate** *(jose 3.0.0 - 4.15.4)* jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext see https://github.com/advisories/GHSA-hhhv-q57g-882q - **Severity: low** *(undici <=5.28.2)* Undici proxy-authorization header not cleared on cross-origin redirect in fetch see https://github.com/advisories/GHSA-3787-6prv-h9w3 - **Severity: high** *(webpack-dev-middleware <=5.3.3)* Path traversal in webpack-dev-middleware see https://github.com/advisories/GHSA-wr3j-pwj9-hqq6
jsnbuchanan added 1 commit 8 months ago
7ce00b86e8
deps: npm audit fix to resolve vulnerabilities 1 low, 3 moderate, 1 high
jsnbuchanan requested review from trentlarson 8 months ago
trentlarson merged commit cc6d0958dc into master 8 months ago

Reviewers

trentlarson was requested for review 8 months ago
The pull request has been merged as cc6d0958dc.
Sign in to join this conversation.
No reviewers
No Label
No Milestone
No Assignees
1 Participants
Notifications
Due Date

No due date set.

Dependencies

This pull request currently doesn't have any dependencies.

Loading…
There is no content yet.