Vulnerabilities in eta #3354

makkes · 2023-02-02T12:03:31Z

Snyk is reporting vulnerabilities for one of docusaurus' dependencies:

  1/7: Cross-site Scripting (XSS) [Medium Severity]
    Via: @docusaurus/core@2.3.0 => eta@1.12.3
    Fixed in: eta 2.0.0
[...]

Example run that failed.

This currently leads to CI check failures on any PRs.

The text was updated successfully, but these errors were encountered:

Callisto13 · 2023-02-02T12:34:16Z

Docusaurus merged the bump yesterday facebook/docusaurus#8610

makkes · 2023-02-02T13:19:42Z

Let's hope they don't stick to their past release candence to get this out.

makkes · 2023-02-03T13:58:36Z

Judging by the PRs merged at this very moment it looks like 2.3.1 will be released soon. Let's wait for that to happen so we can easily upgrade without having to pin transitive deps.

closes #3354

makkes added ci team/denim labels Feb 2, 2023

makkes self-assigned this Feb 2, 2023

makkes pushed a commit that referenced this issue Feb 6, 2023

bump docusaurus to 2.3.1

3359b4b

closes #3354

makkes mentioned this issue Feb 6, 2023

bump docusaurus to 2.3.1 #3367

Merged

makkes closed this as completed in #3367 Feb 6, 2023

makkes added the bug Something isn't working label Feb 16, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerabilities in eta #3354

Vulnerabilities in eta #3354

makkes commented Feb 2, 2023

Callisto13 commented Feb 2, 2023

makkes commented Feb 2, 2023

makkes commented Feb 3, 2023

Vulnerabilities in eta #3354

Vulnerabilities in eta #3354

Comments

makkes commented Feb 2, 2023

Callisto13 commented Feb 2, 2023

makkes commented Feb 2, 2023

makkes commented Feb 3, 2023