Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

updated deps fixing npm audit issues #129

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

jeffgca
Copy link
Contributor

@jeffgca jeffgca commented Jun 23, 2023

Description

Noticed this this morning:

➜ odd-app-template (main) ✔ npm audit
# npm audit report

@sveltejs/kit  <=1.15.1
Severity: high
SvelteKit vulnerable to Cross-Site Request Forgery - https://github.com/advisories/GHSA-5p75-vc5g-8rv2
SvelteKit framework has Insufficient CSRF protection for CORS requests - https://github.com/advisories/GHSA-gv7g-x59x-wf8f
Depends on vulnerable versions of undici
fix available via `npm audit fix`
node_modules/@sveltejs/kit

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/semver

undici  <=5.19.0
Severity: high
Regular Expression Denial of Service in Headers - https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
CRLF Injection in Nodejs ‘undici’ via host - https://github.com/advisories/GHSA-5r9g-qh6m-jxff
fix available via `npm audit fix`
node_modules/undici

vite  4.0.0 - 4.0.4
Severity: high
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) - https://github.com/advisories/GHSA-353f-5xf4-qw67
fix available via `npm audit fix`
node_modules/vite

4 vulnerabilities (1 moderate, 3 high)

To address all issues, run:
  npm audit fix

@vercel
Copy link

vercel bot commented Jun 23, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
odd-app-template ✅ Ready (Inspect) Visit Preview Jun 23, 2023 4:39pm

@jeffgca jeffgca requested a review from avivash June 23, 2023 16:39
Copy link
Member

@avivash avivash left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, thanks for taking a look! i'll check the other repos later today too 👍🏼

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants