Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Critical package vulnerability #253

Merged
1 commit merged into from
Jan 12, 2024
Merged

Fix Critical package vulnerability #253

1 commit merged into from
Jan 12, 2024

Conversation

IgnorantSapient
Copy link
Contributor

@IgnorantSapient IgnorantSapient commented Jan 12, 2024
edited by ghost
Loading

Description

A dependency(babel/travese) had a critical vulnerability, this PR applies the patch that fixes it.

Motivation and Context

Auto-fixed critical vulnerability by running npm audit fix

Screenshots (if appropriate):

Screenshot 2024-01-11 at 10 58 28 PM

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

@IgnorantSapient IgnorantSapient force-pushed the babel-vulnreability-fix branch from 44d4cd6 to d15fce4 Compare January 12, 2024 04:06
ghost
ghost approved these changes Jan 12, 2024
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @IgnorantSapient thank you for the fix. I have verified that Docusaurus is indeed using the vulnerable options. I have also verified the checksums in your fix.

This is likely not affecting us as we are generating a static site and contributors already have the ability to execute arbitrary code, but I'm happy to get rid of this vulnerability alert nonetheless.

@ghost ghost merged commit 1d2d9fb into opentofu:main Jan 12, 2024
1 of 2 checks passed
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@IgnorantSapient