Commit ddd2ac4
authored
chore(deps): npm audit fix in website (uuid, brace-expansion, next patch) (#78)
Output of `npm audit fix --legacy-peer-deps`:
- uuid 11.1.0 -> 11.1.1 (fixes GHSA-w5hq-g745-h8pq buffer bounds check, dependabot alert #30)
- brace-expansion 5.0.3 -> 5.0.6 and 1.1.12 -> 1.1.14 (fixes GHSA-f886-m6hf-6m8v ReDoS via zero-step sequence)
- next 15.5.15 -> 15.5.18 (cascading patch bump, picked up automatically)
Lockfile-only change. package.json untouched.
Remaining open advisory: postcss <8.5.10 bundled inside node_modules/next/node_modules/postcss. The only fix npm proposes is downgrading next to 9.3.3 (major break) -- not applied. The XSS path requires CSS coming from untrusted user input, which is not present in our static site build pipeline. Will re-evaluate when Next.js bumps its internal postcss pin.1 parent 01fb818 commit ddd2ac4
1 file changed
Lines changed: 73 additions & 48 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments