Make WordPress Core

Opened 9 months ago

Closed 2 months ago

#60994 closed defect (bug) (fixed)

Github bot detected some high risk security issue in npm packages.

Reported by: thekt12's profile thekt12 Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:

Description

The GitHub bot detected some high-risk bugs in the core, mostly within the npm packages being used.

We will need to update packages to resolve this.

Report Link

Attachments (2)

TaffyDB can allow access to any data items in the DB · Dependabot alert #10 · 10up_wordpress-develop.pdf (333.4 KB) - added by thekt12 9 months ago.
Update TaffyDB
security_issue1.pdf (500.6 KB) - added by thekt12 9 months ago.
Update webpack-dev-middleware package.

Download all attachments as: .zip

Change History (4)

@thekt12
9 months ago

Update webpack-dev-middleware package.

#1 @thekt12
9 months ago

I realised the original link is only visible to people with member access. So attached pdf for high risk packages.

#2 @johnbillion
2 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to fixed
  • Status changed from new to closed

Thanks for the report @thekt12 . This was addressed in one of the package updates for WordPress 6.6 and webpack-dev-middleware is installed at version 5.3.4 since then. Cheers!

Note: See TracTickets for help on using tickets.