utdal / profiles

A simple CRUD/search profile system for research profiles, providing user-editable information and basic pages to aesthetically promote and highlight researcher activities and achievements.
MIT License

NPM Updates October 2023 #136

Closed betsyecastro closed 3 months ago

betsyecastro commented 9 months ago

npm audit report

@babel/traverse <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via npm audit fix
node_modules/@babel/traverse

browserify-sign 2.6.0 - 4.2.1
Severity: high
browserify-sign upper bound check issue in dsaVerify leads to a signature forgery attack - https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
fix available via npm audit fix
node_modules/browserify-sign

postcss <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j

npm ls

├── @fortawesome/fontawesome-free@5.15.4
├── @fortawesome/fontawesome-svg-core@1.2.36
├── @fortawesome/free-brands-svg-icons@5.15.4
├── @fortawesome/free-regular-svg-icons@5.15.4
├── @fortawesome/free-solid-svg-icons@5.15.4
├── @prettier/plugin-php@0.18.9
├── @shufo/prettier-plugin-blade@1.10.0
├── bootstrap-datepicker@1.10.0
├── bootstrap@4.6.2
├── bootstrap4-tagsinput@4.2.2 (git+ssh://git@github.com/utdallasresearch/bootstrap4-tagsinput.git#76e6df2e2ff82b5aeaa3a506144b36cd8b6f8f9c)
├── corejs-typeahead@1.3.3
├── jquery@3.7.0
├── laravel-mix@6.0.49
├── popper.js@1.16.1
├── postcss@8.4.31
├── prettier@2.8.8
├── puppeteer@16.2.0
├── resolve-url-loader@5.0.0
├── sass-loader@8.0.2
├── sass@1.64.0
├── sortablejs@1.15.0
├── trix@0.11.4
└── vue-template-compiler@2.7.14

wunc commented 3 months ago

Cancelling, since we have a newer PR that is more up-to-date