Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: CVE-2023-26140 #3047

Merged
merged 3 commits into from
Mar 23, 2024
Merged

Fix: CVE-2023-26140 #3047

merged 3 commits into from
Mar 23, 2024

Conversation

arsenstorm
Copy link
Contributor

Description

This commit fixes a potential XSS vulnerability in the @udecode/plate-excalidraw package by updating the @excalidraw/excalidraw dependency to version 0.16.0.

Security Advisory: GHSA-v7v8-gjv7-ffmr
Snyk Report: https://security.snyk.io/vuln/SNYK-JS-EXCALIDRAWEXCALIDRAW-5841658

Patches for @excalidraw/excalidraw were introduced in version 0.15.3; however, as advised by the Snyk Report, I've updated it to version 0.16.0.

@arsenstorm
Fix: CVE-2023-26140
842fb2d 
This commit fixes a potential XSS vulnerability in the
`@udecode/plate-excalidraw` package by updating the
`@excalidraw/excalidraw` dependency to version `0.16.0`.

Security Advisory: GHSA-v7v8-gjv7-ffmr
Snyk Report: https://security.snyk.io/vuln/SNYK-JS-EXCALIDRAWEXCALIDRAW-5841658
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Mar 23, 2024
edited
Loading

🦋 Changeset detected

Latest commit: a5e40bd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@udecode/plate-excalidraw Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel Vercel
Copy link

vercel bot commented Mar 23, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
plate ✅ Ready (Inspect) Visit Preview 💬 Add feedback Mar 23, 2024 1:25pm

12joan
12joan approved these changes Mar 23, 2024
View reviewed changes
Copy link
Collaborator

@12joan 12joan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this important PR.

@zbeyens The upgrade takes Excalidraw through some breaking changes, but I don't think any of those are a problem for us. The minor changeset on this PR might therefore be appropriate, although patch will see better adoption through automated dependency updaters.

I've tested out the change, and Excalidraw seems to work fine in the playground.

@12joan 12joan mentioned this pull request Mar 23, 2024
Closed
@zbeyens zbeyens merged commit 266304c into udecode:main Mar 23, 2024
5 checks passed
This was referenced Mar 23, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zbeyens zbeyens zbeyens approved these changes

@12joan 12joan 12joan approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@arsenstorm @12joan @zbeyens