Audit finding: https://github.com/advisories/GHSA-cm22-4g7w-348p #40975

Closed
brave-builds opened this issue Sep 11, 2024 · 7 comments · Fixed by brave/brave-core#25517

@brave-builds
Collaborator

Greetings human!

Bad news. Audit failed on nightly/v1.71.81 due to GHSA-cm22-4g7w-348p.

@brave-builds
Collaborator Author

Audit failed on beta/v1.70.108 due to GHSA-cm22-4g7w-348p.

@brave-builds
Collaborator Author

Audit failed on release/v1.69.168 due to GHSA-cm22-4g7w-348p.

@brave-builds
Collaborator Author

Audit failed on release/v1.69.169 due to GHSA-cm22-4g7w-348p.

@brave-builds
Collaborator Author

Audit failed on nightly/v1.71.82 due to GHSA-cm22-4g7w-348p.

@brave-builds
Collaborator Author

Audit failed on nightly/v1.71.83 due to GHSA-cm22-4g7w-348p.

@brave-builds
Collaborator Author

Audit failed on nightly/v1.72.1 due to GHSA-cm22-4g7w-348p.

@brave-builds
Collaborator Author

Audit failed on release/v1.69.170 due to GHSA-cm22-4g7w-348p.

kjozwiak pushed a commit to brave/brave-core that referenced this issue Sep 16, 2024
* Bump body-parser and express (#25506)

Bumps [body-parser](https://github.com/expressjs/body-parser) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `body-parser` from 1.20.2 to 1.20.3
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.2...1.20.3)

Updates `express` from 4.19.2 to 4.20.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.19.2...4.20.0)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix various audit issues

Fix brave/brave-browser#40973
Fix brave/brave-browser#40974
Fix brave/brave-browser#40975

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>