Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade vulnerable dependency versions #1023

Merged
merged 2 commits into from
Feb 21, 2024
Merged

upgrade vulnerable dependency versions #1023

merged 2 commits into from
Feb 21, 2024

Conversation

amyipdev
Copy link
Collaborator

The following dependencies were listed as vulnerable by npm audit:

  • @sveltejs/kit: v1.30.3->v1.30.4 due to (low):
    • undici: v5.26.5->v5.28.3 (low)
  • vite: v4.5.1 -> v4.5.2 (high)

This patch fixes the following vulnerabilities:

Except for svelte-check (fails due to lack of environment), all checks pass per npm run all. Site loads correctly on npm run dev.

Signed-off-by: Amy Parker amy@amyip.net

@amyipdev
upgrade vulnerable dependency versions
b8521c6 
The following dependencies were listed as vulnerable by npm audit:
- @sveltejs/kit: v1.30.3->v1.30.4 due to (low):
  - undici: v5.26.5->v5.28.3 (low)
- vite: v4.5.1 -> v4.5.2 (**high**)

This patch fixes the following vulnerabilities:
- undici: GHSA-3787-6prv-h9w3 (proxy-authorization header...)
- vite: GHSA-c24v-8rfc-w8vw (server.fs.deny bypass...)

Except for svelte-check (fails due to lack of environment), all checks
pass per `npm run all`. Site loads correctly on `npm run dev`.

Signed-off-by: Amy Parker <amy@amyip.net>
@netlify Netlify
Copy link

netlify bot commented Feb 21, 2024
edited

Deploy Preview for acmcsuf ready!

Name Link
🔨 Latest commit 38435b1
🔍 Latest deploy log https://app.netlify.com/sites/acmcsuf/deploys/65d5a8c4ec5c650008527147
😎 Deploy Preview https://deploy-preview-1023--acmcsuf.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

EthanThatOneKid
EthanThatOneKid approved these changes Feb 21, 2024
View reviewed changes
Copy link
Owner

@EthanThatOneKid EthanThatOneKid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems safer to me; thanks!

@EthanThatOneKid EthanThatOneKid merged commit 616d38c into EthanThatOneKid:main Feb 21, 2024
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@EthanThatOneKid EthanThatOneKid EthanThatOneKid approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@amyipdev @EthanThatOneKid