wrangler Depends on vulnerable versions of miniflare #1679
Assignees
Labels
maintenance
Maintenance task
Comments
|
Will require increasing the minimum supported node version to >= 16.8.0 |
|
Miniflare pr |
|
Unidici is also a dependency of wrangler itself, need to fix for that too |
Repository owner
moved this from In Progress
to Done
in workers-sdk
Aug 22, 2022
Repository owner
moved this from In Progress
to Done
in workers-sdk
Aug 22, 2022
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Wrangler 2.0.25
npm audit report
undici <5.8.0
Severity: moderate
undici before v5.8.0 vulnerable to CRLF injection in request headers - GHSA-3cvr-822r-rqcc
No fix available
node_modules/undici
@miniflare/cache *
Depends on vulnerable versions of undici
node_modules/@miniflare/cache
@miniflare/core *
Depends on vulnerable versions of undici
node_modules/@miniflare/core
@miniflare/scheduler *
Depends on vulnerable versions of @miniflare/core
node_modules/@miniflare/scheduler
@miniflare/durable-objects *
Depends on vulnerable versions of undici
node_modules/@miniflare/durable-objects
@miniflare/html-rewriter *
Depends on vulnerable versions of undici
node_modules/@miniflare/html-rewriter
@miniflare/http-server *
Depends on vulnerable versions of undici
node_modules/@miniflare/http-server
@miniflare/r2 *
Depends on vulnerable versions of undici
node_modules/@miniflare/r2
miniflare >=2.0.0-next.1
Depends on vulnerable versions of @miniflare/r2
Depends on vulnerable versions of undici
node_modules/miniflare
wrangler *
Depends on vulnerable versions of miniflare
node_modules/wrangler
@miniflare/web-sockets *
Depends on vulnerable versions of undici
node_modules/@miniflare/web-sockets
The text was updated successfully, but these errors were encountered: