prisma-import

Update @prisma/internals to v5.8.1

Open DanielleHuisman opened this issue 6 months ago • 2 comments

The current version of @prisma/internals depends on an insecure version of undici. By updating @prisma/internals this issue is resolved.

undici  <=5.26.1
Severity: high
Regular Expression Denial of Service in Headers - https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
CRLF Injection in Nodejs ‘undici’ via host - https://github.com/advisories/GHSA-5r9g-qh6m-jxff
Undici's cookie header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-wqq4-5wpv-mx2g
No fix available
node_modules/undici
  @prisma/engine-core  2.0.0-1 - 2.0.0-previewnull-1 || 2.0.1-1 - 2.0.1-dev.3 || 2.1.0-dev.1 - 4.12.0-integration-views-fs.1
  Depends on vulnerable versions of undici
  node_modules/@prisma/engine-core
    @prisma/internals  <=4.12.0-integration-views-fs.1
    Depends on vulnerable versions of @prisma/engine-core
    node_modules/@prisma/internals
      prisma-import  *
      Depends on vulnerable versions of @prisma/internals
      node_modules/prisma-import

And I have a question: what is the maintenance status of this project? I see there are quite a few outdated dependencies and open PRs. Do you need any help?

DanielleHuisman, Jan 23 '24 10:01
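One way to trace a transitive chain like the one in the audit output above from `npm audit --json` (an added example, not part of the original issue or the prisma-import project). The `report` object is constructed and trimmed to the `via`, `effects` and `isDirect` fields of npm's audit report; the function names are hypothetical.

```javascript
// Constructed sample shaped like `npm audit --json` output, mirroring the
// dependency tree quoted in the issue. Only the fields used below are kept.
const report = {
  vulnerabilities: {
    "undici": { name: "undici", severity: "high", isDirect: false,
      via: [{ title: "Regular Expression Denial of Service in Headers" }],
      effects: ["@prisma/engine-core"] },
    "@prisma/engine-core": { name: "@prisma/engine-core", severity: "high",
      isDirect: false, via: ["undici"], effects: ["@prisma/internals"] },
    "@prisma/internals": { name: "@prisma/internals", severity: "high",
      isDirect: false, via: ["@prisma/engine-core"], effects: ["prisma-import"] },
    "prisma-import": { name: "prisma-import", severity: "high",
      isDirect: true, via: ["@prisma/internals"], effects: [] },
  },
};

// Packages that carry an advisory themselves: `via` holds advisory objects.
// Packages that are only affected through a dependency list package names.
function advisoryRoots(rep) {
  return Object.values(rep.vulnerabilities)
    .filter((v) => v.via.some((x) => typeof x === "object"))
    .map((v) => v.name);
}

// Follow `effects` upward from a vulnerable package and return every path
// that ends at a direct dependency, i.e. the package to upgrade or replace.
function chainsToDirect(rep, pkg, seen = []) {
  const entry = rep.vulnerabilities[pkg];
  if (!entry || seen.includes(pkg)) return []; // unknown package or cycle
  const path = [...seen, pkg];
  const out = entry.isDirect ? [path] : [];
  for (const parent of entry.effects || []) {
    out.push(...chainsToDirect(rep, parent, path));
  }
  return out;
}

for (const root of advisoryRoots(report)) {
  for (const chain of chainsToDirect(report, root)) {
    console.log(chain.join(" <- "));
  }
}
```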