🐛7 high severity security vulnerabilities in frontend and 21 others!

Open jakob-info opened this issue 9 months ago • 1 comments

Describe the bug

Composer flagged an XSS vulnerability in league/commonmark, a dependency of Laravel. The newest Laravel version, 12.13.0, upgrades the dependency and thus fixes that issue. More importantly, the app has 7 high severity security vulnerabilities reported by GitHub. Consider GitHub's Dependabot to automatically fix these issues!

To Reproduce

  1. cd backend/
  2. run composer audit
  3. run composer update to update dependencies

Expected behavior

The develop branch should use the latest minor versions of dependencies as they are non-breaking and include security fixes.

Screenshots Image

Logs -,

Desktop and Smartphone:

  • all devices

Hi.Events Version and platform Local the latest version 0.0.1

Additional context -,

jakob-info May 08 '25 07:05

Thanks! I'll address these soon. Thankfully, they're more scary than they look, as the affected features aren't in use.

daveearley May 12 '25 01:05
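The Dependabot setup suggested in the issue could look like the following. This is an added example, not configuration from the Hi.Events repository. It assumes the `backend/` and `frontend/` directories named in the issue, an npm-compatible manifest in the frontend, and `develop` as the branch that should receive updates; the group names are made up.

```yaml
# .github/dependabot.yml (added example; paths and branch are assumptions)
version: 2
updates:
  # PHP dependencies, the ones `composer audit` checks in backend/
  - package-ecosystem: "composer"
    directory: "/backend"
    target-branch: "develop"        # assumption: updates should land on develop
    schedule:
      interval: "weekly"
    ignore:
      # Leave major version bumps to a manual upgrade; the issue asks
      # only for minor versions, which it treats as non-breaking.
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
    groups:
      # One pull request for all minor and patch bumps instead of one each
      backend-minor-and-patch:      # hypothetical group name
        update-types: ["minor", "patch"]

  # JavaScript dependencies; the "npm" ecosystem also covers yarn and pnpm
  - package-ecosystem: "npm"
    directory: "/frontend"          # assumption: frontend manifest lives here
    target-branch: "develop"
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
    groups:
      frontend-minor-and-patch:     # hypothetical group name
        update-types: ["minor", "patch"]
```

This file schedules version updates. Dependabot security updates, the pull requests driven by the alerts mentioned in the issue, are switched on separately in the repository's security settings.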