add author

91eafd8
Merged

New flow of documentation #2179

GitHub Advanced Security / Trivy failed Sep 2, 2025 in 1m 18s

18 new alerts including 1 critical severity security vulnerability

New alerts in code changed by this pull request

Security Alerts:

  • 1 critical
  • 7 high
  • 9 medium
  • 1 low

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 11019 in package-lock.json

Code scanning / Trivy

nodejs-axios: Regular expression denial of service in trim function High

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2021-3749
Severity: HIGH
Fixed Version: 0.21.2
Link: CVE-2021-3749

Check warning on line 11019 in package-lock.json

Code scanning / Trivy

nodejs-axios: allows an attacker to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address Medium

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2020-28168
Severity: MEDIUM
Fixed Version: 0.21.1
Link: CVE-2020-28168

Check warning on line 11019 in package-lock.json

Code scanning / Trivy

axios: exposure of confidential data stored in cookies Medium

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2023-45857
Severity: MEDIUM
Fixed Version: 1.6.0, 0.28.0
Link: CVE-2023-45857

Check failure on line 11019 in package-lock.json

Code scanning / Trivy

axios: Possible SSRF and Credential Leakage via Absolute URL in axios Requests High

Package: axios
Installed Version: 0.18.1
Vulnerability CVE-2025-27152
Severity: HIGH
Fixed Version: 1.8.2, 0.30.0
Link: CVE-2025-27152

Check failure on line 12243 in package-lock.json

Code scanning / Trivy

cipher-base: Cipher-base hash manipulation Critical

Package: cipher-base
Installed Version: 1.0.4
Vulnerability CVE-2025-9287
Severity: CRITICAL
Fixed Version: 1.0.5
Link: CVE-2025-9287

Check warning on line 12669 in package-lock.json

Code scanning / Trivy

nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets Medium

Package: got
Installed Version: 6.7.1
Vulnerability CVE-2022-33987
Severity: MEDIUM
Fixed Version: 12.1.0, 11.8.5
Link: CVE-2022-33987

Check failure on line 16637 in package-lock.json

Code scanning / Trivy

follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor High

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2022-0155
Severity: HIGH
Fixed Version: 1.14.7
Link: CVE-2022-0155

Check warning on line 16637 in package-lock.json

Code scanning / Trivy

follow-redirects: Exposure of Sensitive Information via Authorization Header leak Medium

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2022-0536
Severity: MEDIUM
Fixed Version: 1.14.8
Link: CVE-2022-0536

Check warning on line 16637 in package-lock.json

Code scanning / Trivy

follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() Medium

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2023-26159
Severity: MEDIUM
Fixed Version: 1.15.4
Link: CVE-2023-26159

Check warning on line 16637 in package-lock.json

Code scanning / Trivy

follow-redirects: Possible credential leak Medium

Package: follow-redirects
Installed Version: 1.5.10
Vulnerability CVE-2024-28849
Severity: MEDIUM
Fixed Version: 1.15.6
Link: CVE-2024-28849

Check failure on line 17884 in package-lock.json

Code scanning / Trivy

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability High

Package: http-cache-semantics
Installed Version: 3.8.1
Vulnerability CVE-2022-25881
Severity: HIGH
Fixed Version: 4.1.1
Link: CVE-2022-25881

Check failure on line 19980 in package-lock.json

Code scanning / Trivy

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode High

Package: ssri
Installed Version: 5.3.0
Vulnerability CVE-2021-27290
Severity: HIGH
Fixed Version: 6.0.2, 7.1.1, 8.0.1
Link: CVE-2021-27290

Check failure on line 27849 in package-lock.json

Code scanning / Trivy

node-fetch: exposure of sensitive information to an unauthorized actor High

Package: node-fetch
Installed Version: 1.7.3
Vulnerability CVE-2022-0235
Severity: HIGH
Fixed Version: 3.1.1, 2.6.7
Link: CVE-2022-0235

Check warning on line 29426 in package-lock.json

Code scanning / Trivy

index.js in the ssri module before 5.2.2 for Node.js is prone to a reg ... Medium

Package: ssri
Installed Version: 4.1.6
Vulnerability CVE-2018-7651
Severity: MEDIUM
Fixed Version: 5.2.2
Link: CVE-2018-7651

Check failure on line 30341 in package-lock.json

Code scanning / Trivy

cross-spawn: regular expression denial of service High

Package: cross-spawn
Installed Version: 5.1.0
Vulnerability CVE-2024-21538
Severity: HIGH
Fixed Version: 7.0.5, 6.0.6
Link: CVE-2024-21538

Check notice on line 30687 in package-lock.json

Code scanning / Trivy

tmp: tmp Symbolic Link Write Vulnerability Low

Package: tmp
Installed Version: 0.0.33
Vulnerability CVE-2025-54798
Severity: LOW
Fixed Version: 0.2.4
Link: CVE-2025-54798

Check warning on line 31955 in package-lock.json

Code scanning / Trivy

webpack-dev-server: webpack-dev-server information exposure Medium

Package: webpack-dev-server
Installed Version: 4.15.2
Vulnerability CVE-2025-30359
Severity: MEDIUM
Fixed Version: 5.2.1
Link: CVE-2025-30359

Check warning on line 31955 in package-lock.json

Code scanning / Trivy

webpack-dev-server: webpack-dev-server information exposure Medium

Package: webpack-dev-server
Installed Version: 4.15.2
Vulnerability CVE-2025-30360
Severity: MEDIUM
Fixed Version: 5.2.1
Link: CVE-2025-30360