build(dependencies): update vulnerable packages #68

Merged
merged 1 commit into from
Jun 25, 2024

kchung
Collaborator

@kchung kchung commented Jun 25, 2024

Ran npm audit fix on a few vulnerable packages

$ npm audit
# npm audit report

braces  <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix`
node_modules/braces

ip  *
Severity: high
NPM IP package incorrectly identifies some private IP addresses as public - https://github.com/advisories/GHSA-78xj-cgh5-2h22
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/npm/node_modules/ip

tar  <6.2.1
Severity: moderate
Denial of service while parsing a tar file due to lack of folders count validation - https://github.com/advisories/GHSA-f5x3-32g6-xq36
fix available via `npm audit fix`
node_modules/npm/node_modules/tar
  npm  <=10.5.0
  Depends on vulnerable versions of tar
  node_modules/npm

4 vulnerabilities (2 moderate, 2 high)

@kchung kchung merged commit d92c6f4 into alpha Jun 25, 2024
3 checks passed
@kchung kchung deleted the update-vulns branch June 25, 2024 23:54

🎉 This PR is included in version 1.0.0-alpha.13 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

bashunaimiroy added a commit that referenced this pull request Nov 20, 2024
* alpha:
  fix: use `seller_preferred_fulfillment` for default fulfillment (#73)
  feat: use store-info resource (#72)
  fix: Item filters not working and resolve the filter name mismatch (#70)
  fix: fix integrity missing cross origin anonymous (#69)
  build(dependencies): update vulnerable packages (#68)
  fix: add integrity to cdn scripts and remove unused (#67)
  chore: add integrity to cdn scripts and remove unused (#66)
  ci(github-actions): use specific semantic-release version (#63)