upgrade vulnerable dependency versions (#1023) · EthanThatOneKid/acmcsuf.com@616d38c

Commit

upgrade vulnerable dependency versions (#1023)

The following dependencies were listed as vulnerable by npm audit:
- @sveltejs/kit: v1.30.3->v1.30.4 due to (low):
  - undici: v5.26.5->v5.28.3 (low)
- vite: v4.5.1 -> v4.5.2 (**high**)

This patch fixes the following vulnerabilities:
- undici: GHSA-3787-6prv-h9w3 (proxy-authorization header...)
- vite: GHSA-c24v-8rfc-w8vw (server.fs.deny bypass...)

Except for svelte-check (fails due to lack of environment), all checks
pass per `npm run all`. Site loads correctly on `npm run dev`.

Signed-off-by: Amy Parker <amy@amyip.net>
Co-authored-by: Ethan Davidson <31261035+EthanThatOneKid@users.noreply.github.com>

Loading branch information

amyipdev and EthanThatOneKid committed Feb 21, 2024

1 parent 4f6b867 commit 616d38c

package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit `616d38c`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `616d38c`

Commit

There are no files selected for viewing

0 comments on commit 616d38c

0 comments on commit `616d38c`