[Bug] umi和umi plugin的依赖树中,存在一些cve高危漏洞 #12063
Labels
Comments
|
由于缺乏足够的信息,我们暂时关闭了该 Issue。请修改(不要回复) Issue 提供最小重现以重新开启。谢谢。 |
PhoebeLiu718
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What happens?
在最新版(4.1.0)的umi和umi plugin的依赖树中,存在一些高危漏洞,是否可以通过升级依赖修复?比如:
umi 4.1.0-> @umijs/bundler-webpack 4.1.0 -> plugin-jsx 6.5.1 -> @babel/core 7.23.0 -> @babel/traverse/7.23.0 中存在CVE-2023-45133
umi 4.1.0-> @umijs/plugin 4.1.0 -> axios 0.27.2 中存在CVE-2023-45857
umi 4.1.0-> @umijs/plugin 4.1.0 -> dvajs/dva 1.0.1 -> immer 8.0.4 中存在CVE-2021-23436 、CVE-2021-3757
Mini Showcase Repository(REQUIRED)
package.json如下
"dependencies": {
"antd": "^5.10.2",
"dayjs": "^1.11.10",
"echarts": "^5.4.3",
"js-cookie": "^3.0.5",
"jsencrypt": "^3.3.2",
"lodash": "^4.17.21",
"react-code-blocks": "^0.1.5",
"react-copy-to-clipboard": "^5.1.0",
"umi": "^4.1.0"
},
"devDependencies": {
"@types/react": "^18.0.33",
"@types/react-dom": "^18.0.11",
"@umijs/plugins": "^4.1.0",
"prettier": "^2.8.8",
"prettier-plugin-organize-imports": "^3.2.2",
"prettier-plugin-packagejson": "^2.4.3",
"typescript": "^5.0.3"
}
How To Reproduce
Steps to reproduce the behavior:
Expected behavior
不再扫描出漏洞
Context
The text was updated successfully, but these errors were encountered: