rainbow-me / browser-extension

An Ethereum wallet built for speed 🌈
https://rainbow.me/
GNU General Public License v3.0
170 stars 40 forks

[CI] Bump webpack - vulnerability: GHSA-4vvj-4cpr-p986 #1687

Closed BrodyHughes closed 3 months ago

BrodyHughes commented 3 months ago

Fixes BX-1624

Vulnerability: GHSA-4vvj-4cpr-p986

Advisory title: Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

Advisory URL: https://github.com/advisories/GHSA-4vvj-4cpr-p986



Deleted patch and yarn dev and yarn build both worked fine for me.

POW:

[Image: Screenshot 2024-08-28 at 9 49 47 AM]

linear[bot] commented 3 months ago

BX-1624 Vulnerability: GHSA-4vvj-4cpr-p986

socket-security[bot] commented 3 months ago

New and removed dependencies detected.

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@types/estree@1.0.5 | None | 0 | 25.7 kB | types |
| npm/acorn-import-attributes@1.9.5 | None | 0 | 32 kB | xtuc |
| npm/enhanced-resolve@5.17.1 | unsafe | 0 | 212 kB | evilebottnawi |
| npm/webpack@5.94.0 | None | 0 | 5.08 MB | evilebottnawi, jhnns, sokra, ...1 more |

🚮 Removed packages: npm/@types/eslint@8.4.6, npm/acorn-import-assertions@1.9.0, npm/enhanced-resolve@5.16.1, npm/webpack@5.79.0
