
PXG-1351: fix security vulnerabilities#150

Merged
hanllo merged 1 commit intomainfrom
PXG-1351-fix-high-security-vulnerabilities-in-design-system-toolkit
Apr 15, 2025

Conversation

Contributor

@hanllo hanllo commented Apr 15, 2025

Fixes the following high/moderate vulnerabilities, via npm audit fix:

# npm audit report

@babel/helpers  <7.26.10
Severity: moderate
Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
node_modules/@babel/helpers

@babel/runtime  <7.26.10
Severity: moderate
Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups - https://github.com/advisories/GHSA-968p-4wvh-cqc8
node_modules/@babel/runtime

axios  1.0.0 - 1.8.1
Severity: high
axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL - https://github.com/advisories/GHSA-jr5f-v2jv-69x6
node_modules/axios

cross-spawn  <6.0.6 || >=7.0.0 <7.0.5
Severity: high
Regular Expression Denial of Service (ReDoS) in cross-spawn - https://github.com/advisories/GHSA-3xgq-45jj-v275
node_modules/cross-spawn
node_modules/eslint-config-nhsuk/node_modules/cross-spawn

micromatch  <4.0.8
Severity: moderate
Regular Expression Denial of Service (ReDoS) in micromatch - https://github.com/advisories/GHSA-952p-6rrq-rcjv
node_modules/micromatch

path-to-regexp  4.0.0 - 6.2.2
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
node_modules/@11ty/eleventy/node_modules/path-to-regexp

One moderate vulnerability remains according to npm audit, but it requires upgrading the stylelint linting package by 3 major versions and so will come in another PR.
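The description above leaves one advisory open because its only fix is a semver-major upgrade of stylelint. A reviewer checking that claim wants the same split that `npm audit fix` makes internally: which entries it can resolve in place, which it skips because the fix would be a major bump, and which have no fix at all. The script below is an added example, not code from this PR or from the design-system toolkit. It assumes the npm v7+ report shape produced by `npm audit --json` (auditReportVersion 2), where each entry under `vulnerabilities` carries `severity`, `via`, `nodes` and `fixAvailable`, and `fixAvailable` is `true`, `false`, or an object `{ name, version, isSemVerMajor }`. The sample report is constructed: three entries mirror advisories from the PR description, and the two `example-*` entries (including the placeholder stylelint version) are invented to exercise the other branches.

```javascript
// Added example, not code from PR #150 or the design-system toolkit.
// Triages an `npm audit --json` report into: fixable by `npm audit fix`,
// blocked on a semver-major upgrade, or no fix available.
// Assumption: npm v7+ report format (auditReportVersion 2), see lead-in.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample report. axios, cross-spawn and micromatch mirror the PR's
// audit output; the two `example-*` entries and the stylelint version are invented.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    axios: {
      name: "axios", severity: "high", isDirect: true, range: "1.0.0 - 1.8.1",
      via: [{ title: "axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL",
              url: "https://github.com/advisories/GHSA-jr5f-v2jv-69x6", severity: "high" }],
      nodes: ["node_modules/axios"], fixAvailable: true,
    },
    "cross-spawn": {
      name: "cross-spawn", severity: "high", isDirect: false, range: "<6.0.6 || >=7.0.0 <7.0.5",
      via: [{ title: "Regular Expression Denial of Service (ReDoS) in cross-spawn",
              url: "https://github.com/advisories/GHSA-3xgq-45jj-v275", severity: "high" }],
      nodes: ["node_modules/cross-spawn", "node_modules/eslint-config-nhsuk/node_modules/cross-spawn"],
      fixAvailable: true,
    },
    micromatch: {
      name: "micromatch", severity: "moderate", isDirect: false, range: "<4.0.8",
      via: [{ title: "Regular Expression Denial of Service (ReDoS) in micromatch",
              url: "https://github.com/advisories/GHSA-952p-6rrq-rcjv", severity: "moderate" }],
      nodes: ["node_modules/micromatch"], fixAvailable: true,
    },
    // Constructed: a transitive advisory whose only fix is a major bump of the direct
    // dependency pulling it in. Here `via` holds a package name, not an advisory object.
    "example-transitive-dep": {
      name: "example-transitive-dep", severity: "moderate", isDirect: false, range: "<0.0.0-placeholder",
      via: ["example-transitive-dep-child"],
      nodes: ["node_modules/example-transitive-dep"],
      fixAvailable: { name: "stylelint", version: "0.0.0-placeholder", isSemVerMajor: true },
    },
    // Constructed: below the default threshold and with no fix published.
    "example-low-dep": {
      name: "example-low-dep", severity: "low", isDirect: false, range: "*",
      via: [{ title: "constructed low-severity advisory", url: "https://example.invalid/advisory", severity: "low" }],
      nodes: ["node_modules/example-low-dep"], fixAvailable: false,
    },
  },
};

// Splits the report into three buckets, ignoring entries below `minSeverity`
// (same threshold semantics as `npm audit --audit-level=<level>`).
function triage(report, minSeverity = "moderate") {
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  const buckets = { fixable: [], needsMajor: [], unfixable: [] };
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    if ((SEVERITY_RANK[vuln.severity] ?? 0) < threshold) continue;
    const entry = {
      name: vuln.name,
      severity: vuln.severity,
      range: vuln.range,
      // `via` mixes advisory objects with bare package names (transitive chains); keep the advisory URLs.
      advisories: vuln.via.filter((v) => typeof v === "object").map((v) => v.url),
      paths: vuln.nodes,
    };
    const fix = vuln.fixAvailable;
    if (fix === true || (fix && !fix.isSemVerMajor)) buckets.fixable.push(entry);
    else if (fix && fix.isSemVerMajor) buckets.needsMajor.push({ ...entry, upgrade: fix });
    else buckets.unfixable.push(entry);
  }
  // Highest severity first within each bucket (sort is stable in modern Node).
  for (const list of Object.values(buckets)) {
    list.sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
  }
  return buckets;
}

// Renders the buckets as the short summary a reviewer would paste into a PR.
function formatSummary(buckets) {
  const describe = (e) => `${e.severity.padEnd(8)} ${e.name} ${e.range}  (${e.paths.length} path(s))`;
  const lines = [`fixable with \`npm audit fix\`: ${buckets.fixable.length}`];
  for (const e of buckets.fixable) lines.push("  " + describe(e));
  lines.push(`needs semver-major upgrade: ${buckets.needsMajor.length}`);
  for (const e of buckets.needsMajor) lines.push(`  ${describe(e)} -> upgrade ${e.upgrade.name} to ${e.upgrade.version}`);
  lines.push(`no fix available: ${buckets.unfixable.length}`);
  for (const e of buckets.unfixable) lines.push("  " + describe(e));
  return lines.join("\n");
}

console.log(formatSummary(triage(SAMPLE_REPORT)));
```

To run it against a real tree, replace `SAMPLE_REPORT` with `JSON.parse` of the output of `npm audit --json` and keep the default `moderate` threshold, which matches the high/moderate scope of this PR; entries in the `needsMajor` bucket are exactly the ones `npm audit fix` will not touch without `--force`, and so belong in a follow-up PR as the description says.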


netlify bot commented Apr 15, 2025

Deploy Preview for ofh-design-system-docs ready!

Name Link
🔨 Latest commit dac228a
🔍 Latest deploy log https://app.netlify.com/sites/ofh-design-system-docs/deploys/67fe62295c311a00088b31c1
😎 Deploy Preview https://deploy-preview-150--ofh-design-system-docs.netlify.app

@hanllo hanllo merged commit 3558116 into main Apr 15, 2025
5 checks passed
@hanllo hanllo deleted the PXG-1351-fix-high-security-vulnerabilities-in-design-system-toolkit branch April 15, 2025 15:18