Actions
Bug #102208
closed
Vulnerable npm dev dependencies
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2023-10-19
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
npm reports some dev dependencies as vulnerable once again:
# npm audit report debug 3.2.0 - 3.2.6 Severity: moderate Regular Expression Denial of Service in debug - https://github.com/advisories/GHSA-gxpj-cx7g-858c fix available via `npm audit fix` node_modules/tiny-lr/node_modules/debug postcss <8.4.31 Severity: moderate PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j fix available via `npm audit fix --force` Will install postcss-clean@1.2.0, which is a breaking change node_modules/postcss postcss-clean <=1.1.0 || >=1.2.1 Depends on vulnerable versions of postcss node_modules/postcss-clean 3 moderate severity vulnerabilities
Updated by 
Updated by 
Updated by
Actions