corbado/javascript

Check reported bug and vulnerabilities from an external developer

Closed this issue · 0 comments

Describe the bug
An external developer reached out to me with a type error in a package and also some vulnerability issues for Corbado Complete. Can you please take a look to address his concerns or let me know if he made a mistake? I forwarded you his initial email.

To Reproduce

  • Try to compile a JavaScript repository that uses our Complete component:

It seems like there is a type error in the updated package. I now get the following compile error preventing me from deploying:
Type error: Property 'user' does not exist on type 'CorbadoAppContextProps'.
const {loading, isAuthenticated, logout, user} = useCorbado()

  • Check the vulnerabilities from used packages and update these packages if possible.

npm audit report
axios >=1.3.2
Severity: high
Server-Side Request Forgery in axios - GHSA-8hc4-vh64-cxmj
fix available via npm audit fix --force
Will install @corbado/react@2.11.0, which is a breaking change
node_modules/@openapitools/openapi-generator-cli/node_modules/axios
node_modules/axios
@corbado/node-sdk *
Depends on vulnerable versions of axios
node_modules/@corbado/node-sdk
@corbado/web-core *
Depends on vulnerable versions of axios
node_modules/@corbado/web-core
@corbado/react-sdk *
Depends on vulnerable versions of @corbado/web-core
node_modules/@corbado/react-sdk
@corbado/react *
Depends on vulnerable versions of @corbado/react-sdk
Depends on vulnerable versions of @corbado/shared-ui
node_modules/@corbado/react
@corbado/shared-ui *
Depends on vulnerable versions of @corbado/web-core
node_modules/@corbado/shared-ui
@openapitools/openapi-generator-cli >=2.8.0
Depends on vulnerable versions of axios
node_modules/@openapitools/openapi-generator-cli

Expected behavior
There should be no error.
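
For triaging the audit report in this issue, the following added example (not part of the original issue and not Corbado's code) separates packages that carry their own advisory from packages flagged only through a dependency. `sampleAudit` is constructed from the report above in the shape of `npm audit --json` output, trimmed to the `via` field; the function names are hypothetical.

```javascript
// Constructed sample: the report above re-expressed in the shape of
// `npm audit --json`, trimmed to the `via` field the triage needs.
const advisory = {
  title: 'Server-Side Request Forgery in axios',
  url: 'https://github.com/advisories/GHSA-8hc4-vh64-cxmj',
  severity: 'high',
};
const sampleAudit = {
  vulnerabilities: {
    axios: { via: [advisory] },
    '@corbado/node-sdk': { via: ['axios'] },
    '@corbado/web-core': { via: ['axios'] },
    '@corbado/react-sdk': { via: ['@corbado/web-core'] },
    '@corbado/shared-ui': { via: ['@corbado/web-core'] },
    '@corbado/react': { via: ['@corbado/react-sdk', '@corbado/shared-ui'] },
    '@openapitools/openapi-generator-cli': { via: ['axios'] },
  },
};

// Walk `via` edges from a package down to the packages that carry an advisory.
// A string entry names another flagged package; an object entry is an advisory.
function chainsToAdvisory(audit, name, seen = []) {
  const entry = audit.vulnerabilities[name];
  if (!entry || seen.includes(name)) return []; // unknown package or cycle
  const path = [...seen, name];
  const chains = [];
  for (const via of entry.via) {
    if (typeof via === 'string') chains.push(...chainsToAdvisory(audit, via, path));
    else chains.push({ path, advisory: via.url });
  }
  return chains;
}

// Split the report into roots (own advisory) and transitively flagged
// packages, keeping the shortest dependency chain to a root for each.
function triage(audit) {
  const roots = [];
  const transitive = {};
  for (const name of Object.keys(audit.vulnerabilities)) {
    const chains = chainsToAdvisory(audit, name);
    if (chains.some((c) => c.path.length === 1)) roots.push(name);
    else if (chains.length) {
      transitive[name] = chains.sort((a, b) => a.path.length - b.path.length)[0].path;
    }
  }
  return { roots, transitive };
}

console.log(JSON.stringify(triage(sampleAudit), null, 2));
```

On this report the only root is `axios`; every `@corbado/*` entry is flagged through it, directly or via `@corbado/web-core`.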