Kayvan Sylvan
5d93f126d4
security: remove cn package to fix string and request vulnerabilities
Removes the cn (Chuck Norris jokes) package which was pulling in
vulnerable versions of string and request packages with no patches
available. This resolves 5 Dependabot alerts:
- Alert #52: string package (HIGH) - ReDoS
- Alert #35: string package (HIGH) - ReDoS
- Alert #61: request package (MEDIUM) - SSRF
- Alert #44: request package (MEDIUM) - SSRF
- Alert #38: request package (MEDIUM) - Remote Memory Exposure
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-25 15:07:41 -08:00
Kayvan Sylvan
f151646838
security: fix medium severity esbuild vulnerability
Fix Dependabot alert #76 (MEDIUM):
- esbuild vulnerability: allows any website to send requests to
development server and read responses
- Updated from 0.21.5 (vulnerable) to 0.27.2 via pnpm/npm overrides
Build verified successful. All tests pass.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-25 14:26:27 -08:00
Kayvan Sylvan
03a496912f
security: add npm support with package-lock.json for dual package manager compatibility
Changes:
- Added npm "overrides" section to package.json alongside existing pnpm overrides
- Generated and tracked package-lock.json with security fixes applied
- Removed web/package-lock.json from .gitignore to support npm users
- Both npm and pnpm now enforce secure dependency versions
This enables developers to use either pnpm or npm while maintaining
consistent security posture across both package managers.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-25 13:53:00 -08:00
jmd1010
8bff9764f8
Remove sensitive and generated files from tracking
2025-02-19 22:17:20 -05:00
jmd1010
717eb585b5
Setup backup configuration and update dependencies
2025-02-18 14:10:19 -05:00
John
9b38c8d5aa
Updates
2024-12-16 18:40:15 -05:00
dependabot[bot]
79b27253cd
build(deps-dev): bump @sveltejs/kit
Bumps the npm_and_yarn group with 1 update in the /web directory: [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit).
Updates `@sveltejs/kit` from 2.8.4 to 2.9.0
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.9.0/packages/kit)
---
updated-dependencies:
- dependency-name: "@sveltejs/kit"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-12-04 11:26:01 +00:00
dependabot[bot]
63b357168e
build(deps-dev): bump @sveltejs/kit
Bumps the npm_and_yarn group with 1 update in the /web directory: [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit).
Updates `@sveltejs/kit` from 2.6.1 to 2.8.4
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.8.4/packages/kit)
---
updated-dependencies:
- dependency-name: "@sveltejs/kit"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-11-26 21:40:49 +00:00
John
7043f78f1f
john 2024-11-26 08:40:21
2024-11-26 08:50:31 -05:00