PDavid commented on PR #6:
URL: https://github.com/apache/phoenix-site/pull/6#issuecomment-4125066973

   Hi @yuriipalam,
   
   Thanks for this, looks nice already.
   
   I found some links in the generated PDF (https://phoenix-beta.staged.apache.org/books/apache-phoenix-reference-guide.pdf) which point to localhost (for example Download, Issues, Source, but also the link to FAQs, etc.):
   
   ![image](https://github.com/user-attachments/assets/9de1b84e-d34f-4335-bd35-2d25672d55a7)
   
   Can you please check these?
   
   Besides, npm audit reports quite a few vulnerable dependencies.
   
   ```
   npm audit
   # npm audit report
   
   ajv  <6.14.0 || >=7.0.0-alpha.0 <8.18.0
   Severity: moderate
   ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
   ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
   fix available via `npm audit fix`
   node_modules/ajv
   node_modules/serve/node_modules/ajv
     serve  7.0.0 - 14.2.5
     Depends on vulnerable versions of ajv
     Depends on vulnerable versions of serve-handler
     node_modules/serve
   
   flatted  <=3.4.1
   Severity: high
   flatted vulnerable to unbounded recursion DoS in parse() revive phase - https://github.com/advisories/GHSA-25h7-pfq9-p65f
   Prototype Pollution via parse() in NodeJS flatted - https://github.com/advisories/GHSA-rf6f-7fwh-wjgh
   fix available via `npm audit fix`
   node_modules/flatted
   
   minimatch  <=3.1.3 || 9.0.0 - 9.0.6
   Severity: high
   minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
   minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
   minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
   minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
   minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
   minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
   fix available via `npm audit fix`
   node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch
   node_modules/minimatch
     serve-handler  1.1.0 - 6.1.6
     Depends on vulnerable versions of minimatch
     node_modules/serve-handler
   
   rollup  4.0.0 - 4.58.0
   Severity: high
   Rollup 4 has Arbitrary File Write via Path Traversal - https://github.com/advisories/GHSA-mw96-cpmx-2vgc
   fix available via `npm audit fix`
   node_modules/rollup
   
   tar  <=7.5.10
   Severity: high
   tar has Hardlink Path Traversal via Drive-Relative Linkpath - https://github.com/advisories/GHSA-qffp-2rhf-9h96
   node-tar Symlink Path Traversal via Drive-Relative Linkpath - https://github.com/advisories/GHSA-9ppj-qmqm-q256
   fix available via `npm audit fix`
   node_modules/tar
   
   7 vulnerabilities (1 moderate, 6 high)
   
   To address all issues, run:
     npm audit fix
   ```
   
   It can be reduced with `npm audit fix` to one moderate.
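A build-time check for the localhost links reported in the comment above, added here as an example and not part of the PR or the phoenix-site project. It assumes a published build should contain no loopback hosts, and the sample pages are constructed to stand in for the generated site output.

```python
import re
from urllib.parse import urlparse

# Hosts that should never appear in a published build (assumption: the staged
# site is expected to reference only public hostnames or relative paths).
LOCAL_HOSTS = {"localhost", "127.0.0.1", "0.0.0.0", "::1"}

# Matches href/src attribute values in HTML, plus bare http(s) URLs in text
# (the latter covers text extracted from the generated PDF).
URL_RE = re.compile(
    r"""(?:href|src)\s*=\s*["']([^"']+)["']|(https?://[^\s"'<>)]+)""", re.I
)


def find_local_links(text):
    """Return the URLs in `text` whose host is a loopback/local address."""
    hits = []
    for m in URL_RE.finditer(text):
        url = m.group(1) or m.group(2)
        host = (urlparse(url).hostname or "").lower()  # "" for relative links
        if host in LOCAL_HOSTS or host.endswith(".localhost"):
            hits.append(url)
    return hits


def scan_pages(pages):
    """pages: {file name: content}. Returns {file name: [offending URLs]}."""
    report = {}
    for name, content in pages.items():
        bad = find_local_links(content)
        if bad:
            report[name] = bad
    return report


# Constructed sample pages (not taken from the actual staged site).
SAMPLE_PAGES = {
    "index.html": '<a href="http://localhost:8000/download.html">Download</a> '
                  '<a href="https://phoenix.apache.org/issues.html">Issues</a>',
    "faq.html": 'See <a href="http://127.0.0.1:8000/faq.html">FAQs</a> and '
                'https://phoenix.apache.org/source.html',
    "about.html": '<a href="/team.html">Team</a>',
}

if __name__ == "__main__":
    for name, urls in scan_pages(SAMPLE_PAGES).items():
        print(f"{name}: {', '.join(urls)}")
```

Run it over the real build directory by reading each generated file into the `pages` dict; a non-empty report is a reason to fail the site build.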
   