11ty/eleventy

2 high severity vulnerabilities in 2.0.1

huphtur opened this issue · 1 comment

Operating system

macOS Sonoma 14.5

Eleventy

2.0.1

Describe the bug

npm audit report

pug *
Severity: high
Pug allows JavaScript code execution if an application accepts untrusted input - GHSA-3965-hpx2-q597
No fix available
node_modules/pug
@11ty/eleventy <=2.0.2-alpha.2
Depends on vulnerable versions of pug
node_modules/@11ty/eleventy

2 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Reproduction steps

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See an error

Expected behavior

No response

Reproduction URL

No response

Screenshots

No response

A fresh install of @11ty/eleventy does install pug@3.0.3, which satisfies this audit.

I’d recommend npm install pug@3 to get the latest version of pug in your project (and update your package-lock.json).

Thanks!
Zach
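The maintainer's reply above says the audit is satisfied once the project's package-lock.json resolves pug to 3.0.3, and that a stale lockfile is the usual reason `npm audit` keeps reporting it. The following is an added example, not code from the issue or from the Eleventy project, that checks a lockfile for every resolved copy of a dependency (including nested copies under other packages, which `npm audit` also counts) and flags any below a minimum version. The lockfile content is constructed for the demo; the 3.0.3 floor for pug is taken from the thread, and the function names are this example's own.

```javascript
// Added example (not from the issue or the Eleventy project): scan an npm
// package-lock.json for every resolved copy of a dependency and flag copies
// below a minimum version. The lockfile below is constructed for the demo; the
// 3.0.3 floor comes from the maintainer's reply in the issue thread.

const MIN_PUG = "3.0.3"; // lowest pug version the audit accepts, per the thread

// Constructed lockfile in the lockfileVersion 3 layout: a hoisted, current pug
// plus a stale nested copy under a hypothetical plugin, which is exactly the
// kind of leftover a lockfile keeps until `npm install pug@3` refreshes it.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-site",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "@11ty/eleventy": "2.0.1" } },
    "node_modules/pug": { version: "3.0.3" },
    "node_modules/@11ty/eleventy": { version: "2.0.1", dependencies: { pug: "^3.0.0" } },
    "node_modules/some-plugin/node_modules/pug": { version: "3.0.2" },
  },
});

// Compare two dotted numeric versions; returns -1, 0 or 1. Pre-release suffixes
// are ignored, which is sufficient for the pinned versions a lockfile records.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Collect every resolved copy of `name` from a lockfile. Handles the flat
// "packages" map of lockfileVersion 2/3 and the nested "dependencies" tree of
// lockfileVersion 1. Returns an array of { path, version }.
function findPackageCopies(lockJson, name) {
  const lock = JSON.parse(lockJson);
  const found = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      // Match the hoisted copy and any copy nested under another package.
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        found.push({ path, version: entry.version });
      }
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [dep, entry] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${dep}`;
        if (dep === name) found.push({ path, version: entry.version });
        if (entry.dependencies) walk(entry.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return found;
}

// Return the copies of `name` whose resolved version is below `minVersion`.
function findStaleCopies(lockJson, name, minVersion) {
  return findPackageCopies(lockJson, name).filter(
    (copy) => compareVersions(copy.version, minVersion) < 0
  );
}

// Demo run on the constructed lockfile: only the nested 3.0.2 copy is flagged.
const stale = findStaleCopies(SAMPLE_LOCK, "pug", MIN_PUG);
for (const copy of stale) {
  console.log(`${copy.path} resolves to ${copy.version}, below ${MIN_PUG}`);
}
```

Run it against a real project by replacing SAMPLE_LOCK with `fs.readFileSync("package-lock.json", "utf8")`; any path it prints is a copy that `npm install pug@3` (or an update of the package that nests it) needs to refresh before `npm audit` comes back clean.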