Skip to content

Commit ddd2ac4

Browse files
authored
chore(deps): npm audit fix in website (uuid, brace-expansion, next patch) (#78)
Output of `npm audit fix --legacy-peer-deps`: - uuid 11.1.0 -> 11.1.1 (fixes GHSA-w5hq-g745-h8pq buffer bounds check, dependabot alert #30) - brace-expansion 5.0.3 -> 5.0.6 and 1.1.12 -> 1.1.14 (fixes GHSA-f886-m6hf-6m8v ReDoS via zero-step sequence) - next 15.5.15 -> 15.5.18 (cascading patch bump, picked up automatically) Lockfile-only change. package.json untouched. Remaining open advisory: postcss <8.5.10 bundled inside node_modules/next/node_modules/postcss. The only fix npm proposes is downgrading next to 9.3.3 (major break) -- not applied. The XSS path requires CSS coming from untrusted user input, which is not present in our static site build pipeline. Will re-evaluate when Next.js bumps its internal postcss pin.
1 parent 01fb818 commit ddd2ac4

1 file changed

Lines changed: 73 additions & 48 deletions

File tree

website/package-lock.json

Lines changed: 73 additions & 48 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)