Comments (3)
Hi @Marocco2! I'll double check but I'm fairly sure these are caused by Netlify CMS itself and there's nothing this package can do about it.
from astro-netlify-cms.
Hi again! I took a look and the only vulnerability reported for me with `npm audit` is in the `trim` package, documented here: GHSA-w5p7-h5w8-2hfq
This is pulled in by Netlify CMS as I expected, so not fixable in this repo. I’m not a security expert and I understand the concern these audit logs can cause, but as far as I understand it, the vulnerability is a risk of “ReDoS”, where a maliciously crafted string ties up resources because a regular expression will take a very long time to process it. This is a significant issue when operating a server, for example if `trim()` were being used with unsanitized user input, because an attacker could send strings that will cause a server slowdown. In the case of Netlify CMS, which is an in-browser web app, the risk seems pretty minimal to nonexistent though.
I’ll close this issue as it’s an upstream problem. Thanks for the report though and thanks for the link to that fork! I’ll be sure to keep an eye on it to see if it makes sense to migrate to that new version at some point.
from astro-netlify-cms.
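The check described in the reply above (is the package flagged by `npm audit` a direct dependency, or pulled in by something upstream?) can be scripted against `npm audit --json`. This is an added example, not part of the thread or the project's code; the sample report is constructed and simplified, and the dependency chain between `trim` and `netlify-cms-app` in it is an assumption.

```javascript
// Constructed, simplified sample in the shape of `npm audit --json` (npm 7+).
// The chain below is illustrative; pipe in the real report for actual triage.
const sampleReport = {
  vulnerabilities: {
    "trim": { name: "trim", isDirect: false, effects: ["remark-parse"],
      via: [{ name: "trim", url: "https://github.com/advisories/GHSA-w5p7-h5w8-2hfq" }] },
    "remark-parse": { name: "remark-parse", isDirect: false,
      via: ["trim"], effects: ["netlify-cms-widget-markdown"] },
    "netlify-cms-widget-markdown": { name: "netlify-cms-widget-markdown", isDirect: false,
      via: ["remark-parse"], effects: ["netlify-cms-app"] },
    "netlify-cms-app": { name: "netlify-cms-app", isDirect: true,
      via: ["netlify-cms-widget-markdown"], effects: [] },
  },
};

// For every package that carries its own advisory, report whether it is a
// direct dependency and which direct dependencies ultimately pull it in.
function triage(report) {
  const vulns = report.vulnerabilities || {};
  const findings = [];
  for (const entry of Object.values(vulns)) {
    // Object entries in `via` are advisories; string entries only name the
    // vulnerable package this one depends on.
    const advisories = (entry.via || [])
      .filter((v) => typeof v === "object")
      .map((v) => v.url);
    if (advisories.length === 0) continue;

    // Walk `effects` upward until we reach packages listed in package.json.
    const roots = new Set();
    const seen = new Set();
    const stack = [entry.name];
    while (stack.length > 0) {
      const name = stack.pop();
      if (seen.has(name) || !vulns[name]) continue;
      seen.add(name);
      if (vulns[name].isDirect) roots.add(name);
      stack.push(...(vulns[name].effects || []));
    }
    findings.push({ package: entry.name, advisories,
      isDirect: Boolean(entry.isDirect), pulledInBy: [...roots].sort() });
  }
  return findings;
}

console.log(JSON.stringify(triage(sampleReport), null, 2));
```

A finding with `isDirect: false` and a non-empty `pulledInBy` is the "upstream problem" case: the fix has to come from the listed direct dependency or from replacing it.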
I did some research and I came across this fork: https://github.com/StaticJsCMS/static-cms
It may be convenient to migrate to it if they will be actively updating their repo
from astro-netlify-cms.