Security Vulnerabilities in @toolpad/core #4478

Open
Petar-Dimitrov-AXA opened this issue Nov 26, 2024 · 6 comments · May be fixed by #4483
Labels: priority: important (This change can make a difference); security (Pull requests that address a security vulnerability)

Comments

@Petar-Dimitrov-AXA

Petar-Dimitrov-AXA commented Nov 26, 2024

At this moment there are 6 high severity vulnerabilities in the @toolpad/core package. Is there any plan to fix those?

Here is the output of npm audit:

image


@github-actions github-actions bot added the status: waiting for maintainer These issues haven't been looked at yet by a maintainer label Nov 26, 2024
@Janpot
Member

Janpot commented Nov 26, 2024

upstream issue vercel/title#85. looks like it's fixed in their latest version.

@Petar-Dimitrov-AXA
Author

I am now with @toolpad/core: 0.10.0, the latest version in npm. In which release are you planning to publish the fixes?

@Janpot
Member

Janpot commented Nov 26, 2024

yes it will be part of next version. Just to note that the offending cross-spawn dependency is not being called. There is no real vulnerability here other than on paper.

@Petar-Dimitrov-AXA
Author

Ok, thanks a lot!

@github-actions github-actions bot removed the status: waiting for maintainer These issues haven't been looked at yet by a maintainer label Nov 26, 2024

This issue has been closed. If you have a similar problem but not exactly the same, please open a new issue.
Now, if you have additional information related to this issue or things that could help future readers, feel free to leave a comment.


@Janpot
Member

Janpot commented Nov 26, 2024

we can leave this open for tracking purposes

@Janpot Janpot reopened this Nov 26, 2024
@Janpot Janpot added priority: important This change can make a difference security Pull requests that address a security vulnerability labels Nov 26, 2024
@bharatkashyap bharatkashyap linked a pull request Nov 27, 2024 that will close this issue
3 participants