codedbychavez / configcat-vue

Vue.js SDK for ConfigCat Feature Flags (community maintained)
https://configcat.com/docs/sdk-reference/community/vue/

Fix Security Bugs #46

Closed codedbychavez closed 14 hours ago

codedbychavez commented 14 hours ago

Pull Request

Description:

Fix security vulnerabilities reported by npm audit:

# npm audit report

rollup  4.0.0 - 4.22.3
Severity: high
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS - https://github.com/advisories/GHSA-gcx4-mw62-g8wm
fix available via `npm audit fix`
node_modules/rollup

vite  5.4.0 - 5.4.5
Severity: moderate
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS - https://github.com/advisories/GHSA-64vr-g452-qvp3
Vite's `server.fs.deny` is bypassed when using `?import&raw` - https://github.com/advisories/GHSA-9cwx-2883-4wfx
fix available via `npm audit fix`
node_modules/vite

2 vulnerabilities (1 moderate, 1 high)

Changes: Execute the npm audit fix command to fix the issues.

Testing: Execute the npm run test command to test the changes.

Related Issues:
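A check that could follow the `npm audit fix` step described above, as an added example that is not part of the pull request or the project's code: it scans the `packages` map of a package-lock.json (lockfileVersion 2 or 3) for installed copies whose version falls inside the affected ranges listed in the audit report. The function names and the sample lockfile are constructed for illustration.

```javascript
// Affected ranges copied from the npm audit report above (bounds inclusive).
const AFFECTED = new Map([
  ["rollup", [{ from: "4.0.0", to: "4.22.3", advisory: "GHSA-gcx4-mw62-g8wm" }]],
  ["vite", [{ from: "5.4.0", to: "5.4.5",
              advisory: "GHSA-64vr-g452-qvp3, GHSA-9cwx-2883-4wfx" }]],
]);

// Parse "x.y.z" into numbers; prerelease/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Report every installed copy (nested ones included) inside an affected range.
function findAffected(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    const version = parseVersion(entry.version);
    if (idx === -1 || !version) continue; // root project entry or no version
    const name = path.slice(idx + "node_modules/".length);
    for (const range of AFFECTED.get(name) || []) {
      if (compareVersions(version, parseVersion(range.from)) >= 0 &&
          compareVersions(version, parseVersion(range.to)) <= 0) {
        findings.push({ path, name, version: entry.version, advisory: range.advisory });
      }
    }
  }
  return findings;
}

// Constructed sample lockfile fragment (not taken from this repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/rollup": { version: "4.22.4" },
    "node_modules/vite": { version: "5.4.3" },
    "node_modules/some-plugin/node_modules/rollup": { version: "4.21.0" },
  },
};
console.log(findAffected(sampleLock));
```

To run it against a real project, pass the parsed contents of its package-lock.json to `findAffected`; an empty array means no installed copy resolves inside the listed ranges.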