conventional-tan (12mo ago)

3 high severity vulnerabilities

Recently we were tasked with looking into vulnerabilities in the code. We found that the default project creation for refine already has 3 high severity vulnerabilities. We tried to update, but it breaks the code. Is anyone else facing this issue? Below is the result when I run npm audit:
# npm audit report

marked <=4.0.9
Severity: high
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-5v2h-r2cx-5xgj
Inefficient Regular Expression Complexity in marked - https://github.com/advisories/GHSA-rrrm-qjm4-v8hf
No fix available
node_modules/marked
ink-markdown *
Depends on vulnerable versions of marked
node_modules/ink-markdown
@refinedev/cli *
Depends on vulnerable versions of ink-markdown
node_modules/@refinedev/cli

3 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.
kapa.ai (12mo ago)
Hi @stelarinc. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base.

Hmm, I don't know enough to give you a confident answer yet. The information extracts provided do not contain specific details about handling vulnerabilities in refine. It would be best to reach out to the refine community or check the official documentation for more information on this issue.

Note: you can ask me a follow-up question by @ mentioning me again.
conventional-tan (12mo ago)
@kapa.ai, where can I find the community?
kapa.ai (12mo ago)
Let me check the knowledge base for you. One moment!

You can find the refine community in several places:
- Discord (https://discord.gg/refine): This is the easiest way to get help and ask questions to the developers and other users. All questions are usually answered in around 30 minutes.
- GitHub Discussions (https://github.com/refinedev/refine/discussions): Here you can ask anything about the refine project or give feedback.
- Community Room (https://discord.gg/refine): If you plan to work on an issue or a new feature, you can discuss it with other community members/maintainers here.

You can also follow refine on Twitter (https://twitter.com/refine_dev) for updates and announcements. If you're interested in contributing to refine, you can learn how to do so here (https://refine.dev/docs/contributing/).

Note: you can ask me a follow-up question by @ mentioning me again.
magic-amber (12mo ago)
Hey @stelarinc 👋 This is related to a dependency in our @refinedev/cli package, which is not included in the bundle and is only used in the development environment. Let us investigate how to get rid of these warnings, but these warnings are in a safe area 🙏
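To check a claim like the one above on your own project (that a flagged package is reachable only through devDependencies and therefore never ships in the bundle), here is an added example; it is not part of the thread and not refine's own tooling. It walks the `effects` chain in an `npm audit --json` report (auditReportVersion 2) from the root-cause package back to the direct dependency, then checks which side of package.json that dependency sits on. The package.json and the audit report below are constructed to mirror the text report posted in the thread, and `classify` and `direct_roots` are names chosen here.

```python
"""Decide whether npm audit findings are reachable only via devDependencies."""
import json

# Constructed package.json for a refine-style app: @refinedev/cli sits under
# devDependencies, as the maintainer's reply states. Not a real project file.
PACKAGE_JSON = json.loads("""
{
  "name": "my-refine-app",
  "dependencies": {"@refinedev/core": "^4.0.0", "react": "^18.0.0"},
  "devDependencies": {"@refinedev/cli": "^2.0.0", "typescript": "^5.0.0"}
}
""")

# Constructed report in the shape of `npm audit --json` (auditReportVersion 2),
# mirroring the thread's text report. "via" holds advisory objects for the
# root-cause package and package names for the packages that merely depend on
# it; "effects" lists the packages one level up that depend on this entry.
AUDIT_JSON = json.loads("""
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "marked": {
      "name": "marked", "severity": "high", "isDirect": false,
      "via": [
        {"title": "Inefficient Regular Expression Complexity in marked",
         "url": "https://github.com/advisories/GHSA-5v2h-r2cx-5xgj", "severity": "high"},
        {"title": "Inefficient Regular Expression Complexity in marked",
         "url": "https://github.com/advisories/GHSA-rrrm-qjm4-v8hf", "severity": "high"}
      ],
      "effects": ["ink-markdown"], "range": "<=4.0.9",
      "nodes": ["node_modules/marked"], "fixAvailable": false
    },
    "ink-markdown": {
      "name": "ink-markdown", "severity": "high", "isDirect": false,
      "via": ["marked"], "effects": ["@refinedev/cli"], "range": "*",
      "nodes": ["node_modules/ink-markdown"], "fixAvailable": false
    },
    "@refinedev/cli": {
      "name": "@refinedev/cli", "severity": "high", "isDirect": true,
      "via": ["ink-markdown"], "effects": [], "range": "*",
      "nodes": ["node_modules/@refinedev/cli"], "fixAvailable": false
    }
  }
}
""")


def direct_roots(name, vulns, seen=None):
    """Return the set of direct dependencies through which `name` is installed.

    Follows the "effects" edges upward until an entry marked isDirect is reached.
    `seen` guards against cycles in the audit graph.
    """
    seen = set() if seen is None else seen
    if name in seen or name not in vulns:
        return set()
    seen.add(name)
    entry = vulns[name]
    if entry.get("isDirect"):
        return {name}
    roots = set()
    for parent in entry.get("effects", []):
        roots |= direct_roots(parent, vulns, seen)
    return roots


def classify(package_json, audit):
    """Map each root-cause package to its scope: production, dev-only or unknown."""
    prod = set(package_json.get("dependencies", {}))
    dev = set(package_json.get("devDependencies", {}))
    vulns = audit["vulnerabilities"]
    result = {}
    for name, entry in vulns.items():
        # Only the root-cause package carries advisory objects in "via"; the
        # others are the "Depends on vulnerable versions of ..." entries.
        advisories = [v for v in entry.get("via", []) if isinstance(v, dict)]
        if not advisories:
            continue
        roots = direct_roots(name, vulns)
        if roots & prod:            # any production path wins
            scope = "production"
        elif roots and roots <= dev:
            scope = "dev-only"
        else:
            scope = "unknown"       # e.g. root not listed in package.json
        result[name] = {
            "scope": scope,
            "roots": sorted(roots),
            "advisories": [a["url"] for a in advisories],
        }
    return result


if __name__ == "__main__":
    for pkg, info in classify(PACKAGE_JSON, AUDIT_JSON).items():
        print(f"{pkg}: {info['scope']} via {', '.join(info['roots'])}")
        for url in info["advisories"]:
            print(f"  {url}")
```

On a real project, `npm audit --json > audit.json` and the project's own package.json replace the constructed data; `npm ls marked` prints the same dependency path, and `npm audit --omit=dev` (npm 8 and later) should then report nothing for it. A dev-only result bounds the exposure to the developer machines and CI runners that invoke the CLI, which is the "safe area" the reply refers to; it does not make the advisories disappear, so re-run the check after each `@refinedev/cli` upgrade.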
conventional-tan (12mo ago)
That's great! Thank you!