chore: bump dependencies & enable Dependabot #51

dreamorosi · 2024-06-04T08:43:43Z

npm ci shows a number of moderate severity vulnerabilities

dreamorosi · 2024-06-11T07:40:24Z

Working on this - I have fixed all the high severity ones via npm audit fix but there is still one moderate one:

Severity: moderate
phin may include sensitive headers in subsequent requests after redirect - https://github.com/advisories/GHSA-x565-32qp-m3vf
fix available via `npm audit fix --force`
Will install jimp@0.3.11, which is a breaking change
node_modules/phin
  load-bmfont  >=1.4.0
  Depends on vulnerable versions of phin
  node_modules/load-bmfont
    @jimp/plugin-print  >=0.4.0
    Depends on vulnerable versions of load-bmfont
    node_modules/@jimp/plugin-print
      @jimp/plugins  >=0.4.0
      Depends on vulnerable versions of @jimp/plugin-print
      node_modules/@jimp/plugins
        jimp  >=0.4.0
        Depends on vulnerable versions of @jimp/plugins
        node_modules/jimp

This is due to a transitive dependency of jimp - which we use for image generation in Node.js.

For now I'll push this change and address the remaining one later, as well as enabling Dependabot.

dreamorosi self-assigned this Jun 11, 2024

dreamorosi mentioned this issue Jun 11, 2024

chore(deps): bump node.js dependencies #64

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump dependencies & enable Dependabot #51

chore: bump dependencies & enable Dependabot #51

dreamorosi commented Jun 4, 2024

dreamorosi commented Jun 11, 2024

chore: bump dependencies & enable Dependabot #51

chore: bump dependencies & enable Dependabot #51

Comments

dreamorosi commented Jun 4, 2024

dreamorosi commented Jun 11, 2024