Closed CodeCraftPlugin closed 9 months ago
So the security CVE mentioned doesn't really involve our code but rather the previously recommended way of exposing TAURI_*
environment variables in vite.conf.js
. Read more about it here https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259 and the mitigation required.
The reason why you see the error, even if you updated the CLI to latest version is because we made a mistake when publish the CVE and didn't list that 1.5.6
is considered a fixed version but that should be fixed now.
Describe the bug
First of all i am new to appdev with tauri and i was seting it up using npm i am using my project file settings are javascript-npm-react when runing npm install i get a high severity risk
Reproduction
javascript-npm-react when runing npm install i get a high severity risk
Expected behavior
well get no high severity risk
Full
tauri info
outputStack trace
No response
Additional context
No response