Bump dependencies to their latest versions #24

Merged: coderdiaz merged 1 commit into coderdiaz:main from deining:bump-deps on Feb 9, 2026

@deining (Contributor) commented Feb 7, 2026

This PR bumps dependencies to their latest versions.

The current versions do have security issues:

```
# npm audit report

astro  <=5.15.8
Severity: high
Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass - https://github.com/advisories/GHSA-hr2q-hp5q-x767
Astro vulnerable to reflected XSS via the server islands feature - https://github.com/advisories/GHSA-wrwg-2hg8-v723
Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint - https://github.com/advisories/GHSA-fvmw-cj7j-j39q
Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values - https://github.com/advisories/GHSA-ggxq-hp9w-j794
Astro development server error page is vulnerable to reflected Cross-site Scripting - https://github.com/advisories/GHSA-w2vj-39qv-7vh7
Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 - https://github.com/advisories/GHSA-whqg-ppgf-wp8c
```

@coderdiaz (Owner)

Hey @deining thanks for your contribution!

@coderdiaz coderdiaz merged commit f4b51b0 into coderdiaz:main Feb 9, 2026