Make WordPress Core

Context Navigation

← Previous Ticket
Next Ticket →

Opened 2 years ago

Closed 19 months ago

#60994 closed defect (bug) (fixed)

Github bot detected some high risk security issue in npm packages.

Reported by:	thekt12	Owned by:
Milestone:		Priority:	normal
Severity:	normal	Version:
Component:	Security	Keywords:
Focuses:		Cc:

Description

The GitHub bot detected some high-risk bugs in the core, mostly within the npm packages being used.

We will need to update packages to resolve this.

Attachments (2)

TaffyDB can allow access to any data items in the DB · Dependabot alert #10 · 10up_wordpress-develop.pdf (333.4 KB) - added by thekt12 2 years ago.: Update TaffyDB
security_issue1.pdf (500.6 KB) - added by thekt12 2 years ago.: Update webpack-dev-middleware package.

Download all attachments as: .zip

Change History (4)

@thekt12
2 years ago

Attachment TaffyDB can allow access to any data items in the DB · Dependabot alert #10 · 10up_wordpress-develop.pdf added

Update TaffyDB

@thekt12
2 years ago

Attachment security_issue1.pdf added

Update webpack-dev-middleware package.

#1 @thekt12
2 years ago

I realised the original link is only visible to people with member access. So attached pdf for high risk packages.

#2 @johnbillion
19 months ago

Milestone Awaiting Review deleted
Resolution set to fixed
Status changed from new to closed

Thanks for the report @thekt12 . This was addressed in one of the package updates for WordPress 6.6 and webpack-dev-middleware is installed at version 5.3.4 since then. Cheers!

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats: