Skip to content

Commit

Permalink
IEN-895 | More dependabot Fix (#652)
Browse files Browse the repository at this point in the history 
* Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code

* ws affected by a DoS when handling a request with many HTTP headers

* Uncontrolled resource consumption in braces

* Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

* semver vulnerable to Regular Expression Denial of Service

* xml2js is vulnerable to prototype pollution

* word-wrap vulnerable to Regular Expression Denial of Service

* Regular Expression Denial of Service (ReDoS) in micromatch

---------

Co-authored-by: Jerry Wang <jerryappleid761208@gmail.com>
  • Loading branch information
@jerry-ey @c1495616js
jerry-ey and c1495616js authored Sep 17, 2024
1 parent 6859a43 commit 2fb979e
Show file tree
Hide file tree
Showing 2 changed files with 341 additions and 1,097 deletions.
11 changes: 10 additions & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,15 @@
"resolutions": {
"axios": "0.28.0",
"express": "4.19.2",
"postcss": "8.4.31"
"postcss": "8.4.31",
"@babel/traverse": "7.23.2",
"ws": "7.5.10",
"braces": "3.0.3",
"webpack": "5.94.0",
"semver": "7.5.2",
"xml2js": "0.5.0",
"word-wrap": "1.2.4",
"micromatch": "4.0.8",
"ip": "2.0.1"
}
}
Loading

0 comments on commit 2fb979e

Please sign in to comment.