You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Mar 19, 2025. It is now read-only.
After installing @userfront/toolkit npm warns about 3 high severity vulnerabilities:
❯ npm audit
# npm audit report
axios 1.3.2 - 1.7.3
Severity: high
Server-Side Request Forgery in axios - https://github.com/advisories/GHSA-8hc4-vh64-cxmj
fix available via `npm audit fix --force`
Will install @userfront/toolkit@1.0.9, which is a breaking change
node_modules/axios
@userfront/core 1.0.0
Depends on vulnerable versions of axios
node_modules/@userfront/core
@userfront/toolkit 1.0.10-alpha.0 - 1.0.11-alpha.0
Depends on vulnerable versions of @userfront/core
node_modules/@userfront/toolkit
3 high severity vulnerabilities
I can see that the version of axios was bumped in this commit userfront/userfront-core@a100ebb, however the core lib is still installed as v1.0.0 as a part of @userfront/toolkit install.
After installing
@userfront/toolkitnpm warns about 3 high severity vulnerabilities:I can see that the version of axios was bumped in this commit userfront/userfront-core@a100ebb, however the core lib is still installed as
v1.0.0as a part of@userfront/toolkitinstall.