[security] Frontend dependency security upgrade #115
Open
dasomel wants to merge 1 commit into
Upgrades the dependencies with vulnerabilities found by an npm audit check to their patched versions.

- vite ^7.3.1 -> ^7.3.3
  - GHSA-4w7w-66w2-5vf9: Path Traversal in Optimized Deps .map Handling (high)
  - GHSA-v2wj-q39q-566r: server.fs.deny bypass (high)
  - GHSA-p9ff-h696-f583: Arbitrary file read via Dev Server WebSocket (high)
- qs ^6.14.2 -> ^6.15.2
  - GHSA-q8mj-m7cp-5q26: DoS when handling comma-format arrays (moderate)
- Applied npm audit fix to resolve indirect dependency vulnerabilities
  - postcss 8.5.8 -> 8.5.15 (GHSA-qx2v-qp2m-jg93: XSS, moderate)
  - cross-spawn, picomatch, flatted, form-data and other indirect dependencies patched
Reason for change

An npm audit check found multiple security vulnerabilities in the frontend dependencies, so they are upgraded to the patched versions.

Changes

Direct dependency upgrades

- vite ^7.3.1 → ^7.3.3: Optimized Deps .map handling, server.fs.deny path bypass
- qs ^6.14.2 → ^6.15.2: DoS possible when encodeValuesOnly is set

Indirect dependency patches (npm audit fix)

- postcss 8.5.8 → 8.5.15, GHSA-qx2v-qp2m-jg93 (moderate): CSS Stringify XSS
- cross-spawn, picomatch, flatted, form-data, minimatch, brace-expansion, lodash, ajv and other indirect dependencies patched

Affected scope

package.json, package-lock.json changed

Checklist
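One check a reviewer would want before approving a bump like this is that package-lock.json really resolves every installed copy of the patched packages, including nested copies that npm keeps un-hoisted under a transitive dependency, to a version at or above the patched floor. The script below is an added example and is not part of PR #115 or the project's code. The version floors are the target versions named in the PR description; the lock file is a constructed lockfileVersion 3 excerpt, and the nested `legacy-client` dependency that pins an old `qs` is an assumed scenario to show what the walk catches.

```javascript
// Added example (not from PR #115): verify that every installed copy of a
// patched package in package-lock.json meets the patched version floor.
// Floors below are the target versions named in the PR description.
const PATCH_FLOORS = {
  vite: "7.3.3",
  qs: "6.15.2",
  postcss: "8.5.15",
};

// Constructed lockfileVersion 3 excerpt (not the project's real lock file).
// "legacy-client" is a hypothetical transitive dependency that pins an
// old qs, so npm keeps a second, nested copy of qs installed.
const SAMPLE_LOCK = {
  name: "frontend",
  lockfileVersion: 3,
  packages: {
    "": { name: "frontend", dependencies: { vite: "^7.3.3", qs: "^6.15.2" } },
    "node_modules/vite": { version: "7.3.3" },
    "node_modules/qs": { version: "6.15.2" },
    "node_modules/postcss": { version: "8.5.15" },
    "node_modules/legacy-client": { version: "1.0.0", dependencies: { qs: "6.14.2" } },
    "node_modules/legacy-client/node_modules/qs": { version: "6.14.2" },
    "node_modules/@scope/tool": { version: "2.0.0" },
  },
};

// Parse "1.2.3", "v1.2.3" or "1.2.3-beta.1" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Negative if a < b, 0 if equal, positive if a > b.
// A pre-release sorts below the release with the same numbers; pre-release
// tags are compared lexically, a simplification of the full SemVer rule.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] - pb.nums[i];
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1;
}

// The package name is everything after the last "node_modules/" segment,
// which keeps scoped names such as "@scope/tool" intact.
function packageNameFromPath(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  return idx === -1 ? null : lockPath.slice(idx + "node_modules/".length);
}

// Walk every installed copy and report the ones below their patched floor.
function findUnpatchedCopies(lock, floors) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(lockPath);
    if (!name || !(name in floors) || !entry.version) continue;
    if (compareVersions(entry.version, floors[name]) < 0) {
      findings.push({ name, path: lockPath, version: entry.version, required: floors[name] });
    }
  }
  return findings;
}

const unpatched = findUnpatchedCopies(SAMPLE_LOCK, PATCH_FLOORS);
for (const f of unpatched) {
  console.log(`${f.path}: ${f.name}@${f.version} is below patched floor ${f.required}`);
}
```

Against the constructed lock file, the hoisted `qs@6.15.2` passes but the nested `node_modules/legacy-client/node_modules/qs` at 6.14.2 is reported; `npm audit` flags such copies too, but this walk makes it explicit which dependency is holding the old version in place. To run it against a real lock file, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and take the floors from the advisories rather than from the PR text.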