Skip to content

SmartPay Training Sprint 23 v2.2
Compare
Choose a tag to compare
@JennaySDavis JennaySDavis released this 09 Feb 20:56
· 286 commits to staging since this release
smartpay-training-v2.2
c335023
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

This release includes the following:

  • Dependabot Alert: crypto-js PBKDF2 is 1,000 times weaker than specified in 1993 and 1.3M times weaker than the current standard
  • Dependabot Alert: Zod denial of service vulnerability
  • Dependabot Alert: Undici's cookie header is not cleared on cross-origin redirect in the fetch
  • Dependabot Alert: Follow Redirects improperly handles URLs in the url.parse() function
  • Dependabot Alert: Axios Cross-Site Request Forgery Vulnerability
  • Dependabot Alert: Babel is vulnerable to arbitrary code execution when compiling specifically crafted malicious code
  • Dependabot Alert: Vite XSS vulnerability in server.transformIndexHtml via URL payload
  • Dependabot Alert: Vite dev server option server.fs.deny can be bypassed when hosted on case-insensitive filesystem

What's Changed

Full Changelog: smartpay-training-v2.1...smartpay-training-v2.2

Contributors

felder101
Assets 2
Loading