Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address Failing GitHub Action: Check for Vulnerabilities / frontend #142

Closed
Matthew-Grayson opened this issue Apr 1, 2024 · 0 comments · Fixed by #144
Closed

Address Failing GitHub Action: Check for Vulnerabilities / frontend #142

Matthew-Grayson opened this issue Apr 1, 2024 · 0 comments · Fixed by #144
Assignees
@Matthew-Grayson
Labels
dependencies Pull requests that update a dependency file security This issue or pull request addresses a security issue

Comments

@Matthew-Grayson
Copy link
Contributor

Matthew-Grayson commented Apr 1, 2024
edited
Loading

🐛 Summary

Update vulnerable node modules:

es5-ext 0.10.1 - 0.10.62
Severity: low
es5-ext vulnerable to Regular Expression Denial of Service in function#copy and function#toStringTokens - GHSA-4gmj-3p3h-gm8h

express <4.19.2
Severity: moderate
Express.js Open Redirect in malformed URLs - GHSA-rv95-896h-c2vc

follow-redirects <=1.15.5
Severity: moderate
follow-redirects' Proxy-Authorization header kept across hosts - GHSA-cxjh-pqwp-8mfp

webpack-dev-middleware <=5.3.3
Severity: high
Path traversal in webpack-dev-middleware - GHSA-wr3j-pwj9-hqq6

4 vulnerabilities (1 low, 2 moderate, 1 high)
@Matthew-Grayson Matthew-Grayson added dependencies Pull requests that update a dependency file security This issue or pull request addresses a security issue labels Apr 1, 2024
@Matthew-Grayson Matthew-Grayson self-assigned this Apr 1, 2024
@Matthew-Grayson Matthew-Grayson linked a pull request Apr 1, 2024 that will close this issue
Fix Frontend Vulnerabilities Flagged by GithHub Actions #144
Merged
12 tasks
@Matthew-Grayson Matthew-Grayson mentioned this issue Apr 1, 2024
Merged
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Matthew-Grayson Matthew-Grayson

Labels
dependencies Pull requests that update a dependency file security This issue or pull request addresses a security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Frontend Vulnerabilities Flagged by GithHub Actions cisagov/XFD
1 participant
@Matthew-Grayson