Open t1gu1 opened 1 month ago
I see the same on my end with:
- Windows 11
- Node ➜ v20.12.0
- tinacms ➜ 1.6.1
- tinacms/cli ➜ 1.5.43
Terminal output:

```
# npm audit report

axios  0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
No fix available
node_modules/axios
  @tinacms/cli  *
  Depends on vulnerable versions of @tinacms/app
  Depends on vulnerable versions of axios
  Depends on vulnerable versions of tinacms
  node_modules/@tinacms/cli

lodash.set  *
Severity: high
Prototype Pollution in lodash - https://github.com/advisories/GHSA-p6mc-m468-83gw
No fix available
node_modules/lodash.set
  tinacms  <=0.0.0-20240328200248 || 0.4.0-dev.0 || >=0.50.0
  Depends on vulnerable versions of lodash.set
  node_modules/tinacms
    @tinacms/app  <=0.0.22 || >=1.2.0
    Depends on vulnerable versions of tinacms
    node_modules/@tinacms/app

5 vulnerabilities (1 moderate, 4 high)

Some issues need review, and may require choosing
a different dependency.
```
May bumping up these dependencies be simple, straightforward and break nothing 🤞
Parked in Sprint 3 due to onboarding issues
Describe the issue that you're seeing. Any Loom videos or screenshots usually help a lot!
Some packages contain vulnerabilities.
Reproduction
localhost
Steps to reproduce
System Info
Validations