[wp-trac] [WordPress Trac] #47175: Twenty Nineteen: Vulnerability Due To Old Dependency Version
WordPress Trac
noreply at wordpress.org
Thu Jun 13 20:21:45 UTC 2019
#47175: Twenty Nineteen: Vulnerability Due To Old Dependency Version
-----------------------------------+------------------------------
Reporter: mikebronner              | Owner: (none)
Type: defect (bug)                 | Status: new
Priority: normal                   | Milestone: Awaiting Review
Component: Bundled Theme           | Version:
Severity: normal                   | Resolution:
Keywords: 2nd-opinion has-patch    | Focuses:
-----------------------------------+------------------------------
Changes (by desrosj):

* keywords: close => 2nd-opinion has-patch

Comment:

While I agree with @jeremyfelt's assessment that this is not going to
affect any distributed version of the theme, it does seem that all the
packages have been updated upstream.

[attachment:"47175.diff"] is the result of running `npm audit fix`. The
result is `postcss-cli` and `chokidar-cli` being upgraded. The problem
dependency for `node-sass` worked itself out in the process due to the way
the version ranges were defined.

I also added `src/wp-content/themes/twentynineteen/node_modules` directory
to the ignore list in [attachment:"47175.diff"].

After the upgrade, running `npm run-script build` results in no changes to
any theme files.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/47175#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform