odd-app-template icon indicating copy to clipboard operation
odd-app-template copied to clipboard

Published 20 hours ago verified publisher icon oddsdk

updated deps fixing npm audit issues

Open jeffgca opened this issue 1 year ago • 1 comments

Description

Noticed this this morning:

➜ odd-app-template (main) ✔ npm audit
# npm audit report

@sveltejs/kit  <=1.15.1
Severity: high
SvelteKit vulnerable to Cross-Site Request Forgery - https://github.com/advisories/GHSA-5p75-vc5g-8rv2
SvelteKit framework has Insufficient CSRF protection for CORS requests - https://github.com/advisories/GHSA-gv7g-x59x-wf8f
Depends on vulnerable versions of undici
fix available via `npm audit fix`
node_modules/@sveltejs/kit

semver  <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/semver

undici  <=5.19.0
Severity: high
Regular Expression Denial of Service in Headers - https://github.com/advisories/GHSA-r6ch-mqf9-qc9w
CRLF Injection in Nodejs ‘undici’ via host - https://github.com/advisories/GHSA-5r9g-qh6m-jxff
fix available via `npm audit fix`
node_modules/undici

vite  4.0.0 - 4.0.4
Severity: high
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) - https://github.com/advisories/GHSA-353f-5xf4-qw67
fix available via `npm audit fix`
node_modules/vite

4 vulnerabilities (1 moderate, 3 high)

To address all issues, run:
  npm audit fix

jeffgca avatar Jun 23 '23 16:06 jeffgca

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
odd-app-template ✅ Ready (Inspect) Visit Preview Jun 23, 2023 4:39pm

vercel[bot] avatar Jun 23 '23 16:06 vercel[bot]