iTwin / itwinjs-core

Monorepo for iTwin.js Library
https://www.itwinjs.org
MIT License

Resolve GHSA-gcx4-mw62-g8wm #7189

Closed GytisCepk closed 4 days ago

GytisCepk commented 4 days ago
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ DOM Clobbering Gadget found in rollup bundled scripts  │
│                     │ that leads to XSS                                      │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ rollup                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=4.0.0 <4.22.4                                        │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=4.22.4                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ ../../test-apps/display-performance-test-app >         │
│                     │ vite@5.4.6 > rollup@4.20.0                             │
│                     │                                                        │
│                     │ ../../test-apps/display-performance-test-app >         │
│                     │ vite-plugin-inspect@0.8.4 > vite@5.4.6 > rollup@4.20.0 │
│                     │                                                        │
│                     │ ../../test-apps/display-test-app > vite@5.4.6 >        │
│                     │ rollup@4.20.0                                          │
│                     │                                                        │
│                     │ ... Found 4 paths, run `pnpm why rollup` for more      │
│                     │ information                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-gcx4-mw62-g8wm      │
└─────────────────────┴────────────────────────────────────────────────────────┘
aruniverse commented 4 days ago

@mergifyio backport release/4.9.x

mergify[bot] commented 4 days ago

backport release/4.9.x

✅ Backports have been created

* [#7191 Resolve GHSA-gcx4-mw62-g8wm (backport #7189) [release/4.9.x]](https://github.com/iTwin/itwinjs-core/pull/7191) has been created for branch `release/4.9.x` but encountered conflicts