Update @prisma/sdk
Closed this issue · 4 comments
DylanPetrey commented
Can you update the @prisma/sdk dependency? These are the vulnerabilities I have been experiencing.
```
=== npm audit security report ===

Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance

Moderate       undici before v5.8.0 vulnerable to CRLF injection in request headers
Package        undici
Patched in     >=5.8.0
Dependency of  prisma-kysely
Path           prisma-kysely > @prisma/sdk > @prisma/engine-core > undici
More info      https://github.com/advisories/GHSA-3cvr-822r-rqcc

High           ProxyAgent vulnerable to MITM
Package        undici
Patched in     >=5.5.1
Dependency of  prisma-kysely
Path           prisma-kysely > @prisma/sdk > @prisma/engine-core > undici
More info      https://github.com/advisories/GHSA-pgw7-wx7w-2w33

Low            undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Package        undici
Patched in     >=5.8.0
Dependency of  prisma-kysely
Path           prisma-kysely > @prisma/sdk > @prisma/engine-core > undici
More info      https://github.com/advisories/GHSA-q768-x9m6-m9qp

Moderate       Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Package        undici
Patched in     >=5.8.2
Dependency of  prisma-kysely
Path           prisma-kysely > @prisma/sdk > @prisma/engine-core > undici
More info      https://github.com/advisories/GHSA-f772-66g8-q5h3

Moderate       `undici.request` vulnerable to SSRF using absolute URL on `pathname`
Package        undici
Patched in     >=5.8.2
Dependency of  prisma-kysely
Path           prisma-kysely > @prisma/sdk > @prisma/engine-core > undici
More info      https://github.com/advisories/GHSA-8qr4-xgw6-wmr3

High           Regular Expression Denial of Service in Headers
Package        undici
Patched in     >=5.19.1
Dependency of  prisma-kysely
Path           prisma-kysely > @prisma/sdk > @prisma/engine-core > undici
More info      https://github.com/advisories/GHSA-r6ch-mqf9-qc9w

Moderate       CRLF Injection in Nodejs ‘undici’ via host
Package        undici
Patched in     >=5.19.1
Dependency of  prisma-kysely
Path           prisma-kysely > @prisma/sdk > @prisma/engine-core > undici
More info      https://github.com/advisories/GHSA-5r9g-qh6m-jxff
```
valtyr commented
I have a PR open that updates the dependency that I'll likely merge tomorrow. I'll let you know.
valtyr commented
This will be part of the next release. I'm aiming for later today or tomorrow.
valtyr commented
Just released the new version @DylanPetrey 😎
DylanPetrey commented
That fixed it! Thanks!