https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41587
Paul Derscheid <[email protected]> changed:

What: Text to go in the release notes
Removed: (empty)
Added:

Fix node dependency security vulnerabilities by upgrading packages and adding yarn resolutions. The following packages were updated:

Direct dependency upgrades:
- gulp-exec from ^4.0.0 to ^5.0.0 (fixes lodash.template HIGH vulnerability)
- lodash from ^4.17.12 to ^4.17.23 (MODERATE)
- minimatch from ^3.0.2 to ^3.1.4 (HIGH)

Yarn resolutions added to pin secure versions of transitive dependencies:
- form-data ^2.5.4 (CRITICAL)
- fast-xml-parser ^4.5.4 (CRITICAL)
- braces ^3.0.3 (HIGH)
- qs ^6.14.1 (HIGH)
- serialize-javascript ^7.0.3 (HIGH)
- micromatch ^4.0.8 (MODERATE)
- @cypress/request ^3.0.0 (MODERATE)
- js-yaml ^4.1.1 (MODERATE)
- undici ^6.23.0 (MODERATE)

This brings in upstream security fixes for critical, high, and moderate severity vulnerabilities reported by yarn audit. No functional changes are expected in Koha beyond those provided by the updated dependencies.
