feat(common): next bump #176

kirill-ivanovvv · 2024-12-26T15:44:53Z

closes #168

вот этот момент не понимаю как закрыть. пакет только в yarn.lock мелькает

Nelfimov · 2024-12-26T15:53:31Z

вот этот момент не понимаю

это какой?

kirill-ivanovvv · 2024-12-26T15:56:36Z

вот этот момент не понимаю

это какой?

rollup & node-fetch

https://github.com/torin-asakura/shdvor/security/dependabot/24
https://github.com/torin-asakura/shdvor/security/dependabot/22

Nelfimov · 2024-12-26T16:00:36Z

вот этот момент не понимаю

это какой?

rollup & node-fetch

DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS node-fetch forwards secure headers to untrusted sites

Если они не отслеживаются через yarn why то можно попробовать снести yarn.lock и пересобрать его. Либо запустить yarn dedupe

feat(common): next bump

8aa1313

kirill-ivanovvv self-assigned this Dec 26, 2024

kirill-ivanovvv added 2 commits December 26, 2024 18:45

Merge branch 'master' into fix/dependabot

e659199

fix(site&blog): rm unused

429b67e

kirill-ivanovvv requested a review from Nelfimov December 26, 2024 15:51

Nelfimov merged commit b9518d5 into master Dec 26, 2024
4 of 6 checks passed

Nelfimov deleted the fix/dependabot branch December 26, 2024 15:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(common): next bump #176

feat(common): next bump #176

kirill-ivanovvv commented Dec 26, 2024

Nelfimov commented Dec 26, 2024

kirill-ivanovvv commented Dec 26, 2024

Nelfimov commented Dec 26, 2024

feat(common): next bump #176

feat(common): next bump #176

Conversation

kirill-ivanovvv commented Dec 26, 2024

Nelfimov commented Dec 26, 2024

kirill-ivanovvv commented Dec 26, 2024

Nelfimov commented Dec 26, 2024