Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test js vuln check #2

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

Test js vuln check #2

wants to merge 22 commits into from

Conversation

teodor-yanev
Copy link
Owner

No description provided.

@teodor-yanev
Copy link
Owner Author

Minder Vulnerability Report ⚠️

Minder found vulnerable dependencies in this PR. Either push an updated version or accept the proposed changes. Note that accepting the changes will include Minder as a co-author of this PR.

Vulnerability scan of 0fe31012:

  • 🐞 vulnerable packages: 2
  • 🛠 fixes available for: 2
<tr>
	<td>postcss</td>
	<td>8.4.27</td>
	<td>1</td>
	<td>1</td>
	<td>8.4.31</td>
</tr>
Package Version #Vulnerabilities #Fixes Patch
next 13.4.18 1 1 13.4.20-canary.13

Summary of vulnerabilities found

Minder found the following vulnerabilities in this PR:
Ecosystem Name Version Vulnerability ID Summary Introduced Fixed
npm next 13.4.18 GHSA-c59h-r6p8-q9wc Next.js missing cache-control header may lead to CDN caching empty reply 0.9.9 13.4.20-canary.13
npm postcss 8.4.27 GHSA-7fh5-64p2-3v2j PostCSS line return parsing error 0 8.4.31

teodor-yanev
teodor-yanev commented Mar 26, 2024
View reviewed changes
package-lock.json
Comment on lines +2674 to 2679
"version": "13.4.18",
"resolved": "https://registry.npmjs.org/next/-/next-13.4.18.tgz",
"integrity": "sha512-V/IIFA/znYYnOFlZQegrlhlWRpyIuCLXLGuH6pzCjwyxThNBZl4ItqoE3ffUyYY9f0X6XIQ2dX6UUBpNVSKZ8A==",
"dependencies": {
"@next/env": "13.4.19",
"@next/env": "13.4.18",
"@swc/helpers": "0.5.1",
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"version": "13.4.18",
"resolved": "https://registry.npmjs.org/next/-/next-13.4.18.tgz",
"integrity": "sha512-V/IIFA/znYYnOFlZQegrlhlWRpyIuCLXLGuH6pzCjwyxThNBZl4ItqoE3ffUyYY9f0X6XIQ2dX6UUBpNVSKZ8A==",
"dependencies": {
"@next/env": "13.4.19",
"@next/env": "13.4.18",
"@swc/helpers": "0.5.1",
"node_modules/next": {
"version": "13.4.18",
13.4.18
"version": "13.4.20-canary.13",
"resolved": "https://registry.npmjs.org/next/-/next-13.4.20-canary.13.tgz",
"integrity": "sha512-o25BQSItqFlks8Fzvi4FHUXUhnArIgMB6/gfAR3RgqIRBzl7oJrZqBs45W8MHWgK188ndrlzMSCeOMn0TJPF/w==",

package-lock.json
Comment on lines +3013 to 3018
"version": "8.4.27",
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.27.tgz",
"integrity": "sha512-gY/ACJtJPSmUFPDCHtX78+01fHa64FaU4zaaWfuh1MhGJISufJAH4cun6k/8fwsHYeK4UQmENQK+tRLCFJE8JQ==",
"funding": [
{
"type": "opencollective",
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"version": "8.4.27",
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.27.tgz",
"integrity": "sha512-gY/ACJtJPSmUFPDCHtX78+01fHa64FaU4zaaWfuh1MhGJISufJAH4cun6k/8fwsHYeK4UQmENQK+tRLCFJE8JQ==",
"funding": [
{
"type": "opencollective",
"node_modules/postcss": {
"version": "8.4.27",
8.4.27
"version": "8.4.31",
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz",
"integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==",

@teodor-yanev teodor-yanev mentioned this pull request Mar 27, 2024
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@teodor-yanev