joyhughes / Jen

Image processing, generative photography, cellular automata
https://discord.gg/GQQHUbkf

fix security flaws from dependabot #144

Closed rudi-cilibrasi closed 1 month ago

rudi-cilibrasi commented 1 month ago

https://github.com/joyhughes/Jen/security/dependabot

joyhughes commented 1 month ago

@rudi-cilibrasi you can add the tags level1 (10 points), level2 (30 points), or level3 (45 points) depending on the complexity of the task. Without one of these tags the issue is worth only one point. Maybe bump it up a level if you think this is high severity.

rudi-cilibrasi commented 1 month ago

I will put level 3 assuming somebody fixes all. If somebody only does the most critical, it is level 1.

joyhughes commented 1 month ago

Is it possible the move to Vite will resolve some of these?

The deprecated create-react-app gives a warning referencing Babel and may be the source of the critical issue.

joyhughes commented 1 month ago

The move to Vite (PR #152) fixed the two security issues including the one with "critical" severity. Seven issues remain.

joyhughes commented 1 month ago

PRs #153 and #154 fix remaining alerts. Issue is closed.