We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
在最新版(4.1.0)的umi和umi plugin的依赖树中,存在一些高危漏洞,是否可以通过升级依赖修复?比如: umi 4.1.0-> @umijs/bundler-webpack 4.1.0 -> plugin-jsx 6.5.1 -> @babel/core 7.23.0 -> @babel/traverse/7.23.0 中存在CVE-2023-45133 umi 4.1.0-> @umijs/plugin 4.1.0 -> axios 0.27.2 中存在CVE-2023-45857 umi 4.1.0-> @umijs/plugin 4.1.0 -> dvajs/dva 1.0.1 -> immer 8.0.4 中存在CVE-2021-23436 、CVE-2021-3757
package.json如下
"dependencies": { "antd": "^5.10.2", "dayjs": "^1.11.10", "echarts": "^5.4.3", "js-cookie": "^3.0.5", "jsencrypt": "^3.3.2", "lodash": "^4.17.21", "react-code-blocks": "^0.1.5", "react-copy-to-clipboard": "^5.1.0", "umi": "^4.1.0" }, "devDependencies": { "@types/react": "^18.0.33", "@types/react-dom": "^18.0.11", "@umijs/plugins": "^4.1.0", "prettier": "^2.8.8", "prettier-plugin-organize-imports": "^3.2.2", "prettier-plugin-packagejson": "^2.4.3", "typescript": "^5.0.3" }
Steps to reproduce the behavior:
Expected behavior 不再扫描出漏洞
The text was updated successfully, but these errors were encountered:
由于缺乏足够的信息,我们暂时关闭了该 Issue。请修改(不要回复) Issue 提供最小重现以重新开启。谢谢。
Sorry, something went wrong.
No branches or pull requests
What happens?
在最新版(4.1.0)的umi和umi plugin的依赖树中,存在一些高危漏洞,是否可以通过升级依赖修复?比如:
umi 4.1.0-> @umijs/bundler-webpack 4.1.0 -> plugin-jsx 6.5.1 -> @babel/core 7.23.0 -> @babel/traverse/7.23.0 中存在CVE-2023-45133
umi 4.1.0-> @umijs/plugin 4.1.0 -> axios 0.27.2 中存在CVE-2023-45857
umi 4.1.0-> @umijs/plugin 4.1.0 -> dvajs/dva 1.0.1 -> immer 8.0.4 中存在CVE-2021-23436 、CVE-2021-3757
Mini Showcase Repository(REQUIRED)
package.json如下
"dependencies": {
"antd": "^5.10.2",
"dayjs": "^1.11.10",
"echarts": "^5.4.3",
"js-cookie": "^3.0.5",
"jsencrypt": "^3.3.2",
"lodash": "^4.17.21",
"react-code-blocks": "^0.1.5",
"react-copy-to-clipboard": "^5.1.0",
"umi": "^4.1.0"
},
"devDependencies": {
"@types/react": "^18.0.33",
"@types/react-dom": "^18.0.11",
"@umijs/plugins": "^4.1.0",
"prettier": "^2.8.8",
"prettier-plugin-organize-imports": "^3.2.2",
"prettier-plugin-packagejson": "^2.4.3",
"typescript": "^5.0.3"
}
How To Reproduce
Steps to reproduce the behavior:
Expected behavior
不再扫描出漏洞
Context
The text was updated successfully, but these errors were encountered: