2 high severity vulnerabilities in 2.0.1
huphtur opened this issue · 1 comment
huphtur commented
Operating system
macOS Sonoma 14.5
Eleventy
2.0.1
Describe the bug
npm audit report
pug *
Severity: high
Pug allows JavaScript code execution if an application accepts untrusted input - GHSA-3965-hpx2-q597
No fix available
node_modules/pug
@11ty/eleventy <=2.0.2-alpha.2
Depends on vulnerable versions of pug
node_modules/@11ty/eleventy
2 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
Reproduction steps
- Go to '...'
- Click on '....'
- Scroll down to '....'
- See an error
Expected behavior
No response
Reproduction URL
No response
Screenshots
No response
zachleat commented
A fresh install of @11ty/eleventy does install pug@3.0.3, which satisfies this audit.
I’d recommend npm install pug@3 to get the latest version of pug in your project (and update your package-lock.json).
Thanks!
Zach
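Since the audit above flags pug as a transitive dependency of @11ty/eleventy, the practical check is whether every copy of pug in your lockfile (including nested ones under another package's node_modules) is at least the 3.0.3 that a fresh install resolves to. The following is an added example, not code from the Eleventy project or this thread; it assumes a lockfile v2/v3 layout with a top-level "packages" map and uses a constructed sample lockfile.

```javascript
// Added example (not from this issue thread): scan a package-lock.json for
// every installed copy of pug, including nested copies under a dependency's
// own node_modules, and report those below the version the maintainer says a
// fresh install resolves to (3.0.3). Assumed: lockfileVersion 2 or 3 layout.
const FIXED_PUG_VERSION = '3.0.3';

// Numeric compare of "MAJOR.MINOR.PATCH" strings; prerelease tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Returns [{ path, version }] for each pug entry older than fixedVersion.
function findOutdatedPug(lockfileJson, fixedVersion = FIXED_PUG_VERSION) {
  const lock = JSON.parse(lockfileJson);
  const packages = lock.packages || {};
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    // Keys look like "node_modules/pug" or "node_modules/x/node_modules/pug".
    const isPug = path === 'node_modules/pug' || path.endsWith('/node_modules/pug');
    if (isPug && meta.version && compareVersions(meta.version, fixedVersion) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: a stale nested pug under eleventy plus a
// current top-level copy, the situation "npm install pug@3" alone can leave behind.
const SAMPLE_LOCK = JSON.stringify({
  name: 'example-site',
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { '@11ty/eleventy': '2.0.1' } },
    'node_modules/@11ty/eleventy': { version: '2.0.1', dependencies: { pug: '^3.0.0' } },
    'node_modules/@11ty/eleventy/node_modules/pug': { version: '3.0.2' },
    'node_modules/pug': { version: '3.0.3' },
  },
});

console.log(findOutdatedPug(SAMPLE_LOCK));
```

Any path it reports still needs `npm update pug` (or a dedupe) before the audit is actually clean, even if the top-level pug is already 3.0.3.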