When I try to use the following (latest) packages:
"devDependencies": {
"@roots/bud": "6.23.2",
"@roots/bud-swc": "^6.23.2",
"@roots/bud-tailwindcss": "6.23.2",
"@roots/eslint-config": "^6.23.2",
"@roots/sage": "6.23.2",
"@tailwindcss/aspect-ratio": "^0.4.2",
"@types/luxon": "^3.4.2",
"@types/react": "^18.3.3",
"@types/react-dom": "^18.3.0",
"@types/wordpress__block-editor": "^11.5.15",
"@types/wordpress__blocks": "^12.5.14",
"@types/wordpress__edit-post": "^7.5.7",
"eslint": "^8.56.0",
"prisma": "5.18.0",
"stylelint": "^16.8.2",
"type-fest": "^4.24.0"
},
"dependencies": {
"@prisma/client": "5.18.0",
"@wordpress/server-side-render": "^5.5.0",
"framer-motion": "^11.3.28",
"htmx.org": "^1.9.12",
"luxon": "^3.5.0",
"react": "^18.3.1",
"react-dom": "^18.3.1",
"react-swipeable": "^7.0.1",
"recaptcha-v3": "^1.11.3"
}
I’m getting the following when I run npm audit:
axios 1.3.2 - 1.7.3
Severity: high
Server-Side Request Forgery in axios - https://github.com/advisories/GHSA-8hc4-vh64-cxmj
fix available via `npm audit fix --force`
Will install @roots/bud@2023.2.11, which is a breaking change
node_modules/axios
@roots/bud-support 0.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of axios
node_modules/@roots/bud-support
@roots/bud 0.0.0 || 3.2.0-next.0 - 4.0.0 || 5.7.5 || 6.10.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-api
Depends on vulnerable versions of @roots/bud-build
Depends on vulnerable versions of @roots/bud-cache
Depends on vulnerable versions of @roots/bud-compiler
Depends on vulnerable versions of @roots/bud-dashboard
Depends on vulnerable versions of @roots/bud-entrypoints
Depends on vulnerable versions of @roots/bud-extensions
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-hooks
Depends on vulnerable versions of @roots/bud-minify
Depends on vulnerable versions of @roots/bud-server
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud
@roots/bud-entrypoints 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud
Depends on vulnerable versions of @roots/bud-framework
node_modules/@roots/bud-entrypoints
@roots/sage 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud
Depends on vulnerable versions of @roots/bud-build
Depends on vulnerable versions of @roots/bud-entrypoints
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-postcss
Depends on vulnerable versions of @roots/bud-preset-wordpress
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/sage
@roots/bud-preset-recommend 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-postcss
Depends on vulnerable versions of @roots/bud-swc
node_modules/@roots/bud-preset-recommend
@roots/bud-swc 0.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-swc
@roots/bud-tailwindcss <=2.0.0-next.32 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-postcss
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-tailwindcss
@roots/bud-tailwindcss-theme-json 0.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
Depends on vulnerable versions of @roots/bud-wordpress-theme-json
node_modules/@roots/bud-tailwindcss-theme-json
@roots/bud-wordpress-dependencies 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud
Depends on vulnerable versions of @roots/bud-framework
node_modules/@roots/bud-wordpress-dependencies
@roots/bud-preset-wordpress 0.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-extensions
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-preset-recommend
Depends on vulnerable versions of @roots/bud-react
Depends on vulnerable versions of @roots/bud-support
Depends on vulnerable versions of @roots/bud-tailwindcss-theme-json
Depends on vulnerable versions of @roots/bud-wordpress-dependencies
Depends on vulnerable versions of @roots/bud-wordpress-externals
Depends on vulnerable versions of @roots/bud-wordpress-theme-json
node_modules/@roots/bud-preset-wordpress
@roots/bud-api 0.0.0 || 5.7.5 || 6.10.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-extensions
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-minify
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-api
@roots/bud-build 0.0.0 || 3.2.0-next.0 - 4.0.0 || 5.7.5 || 6.10.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-build
@roots/bud-postcss 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-build
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-postcss
@roots/bud-cache 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.10.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-cache
@roots/bud-compiler 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.10.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-dashboard
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-compiler
@roots/bud-dashboard 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-dashboard
@roots/bud-extensions 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-minify
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-extensions
@roots/bud-framework 0.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-framework
@roots/bud-hooks 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-hooks
@roots/bud-react 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-react
@roots/bud-server 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-server
@roots/bud-wordpress-externals 0.0.0 || 3.2.0-next.0 - 4.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-framework
node_modules/@roots/bud-wordpress-externals
@roots/bud-minify *
Depends on vulnerable versions of @roots/bud
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-minify
@roots/bud-wordpress-theme-json 0.0.0 || 6.11.0 - 6.23.2 || >=2023.2.12
Depends on vulnerable versions of @roots/bud-framework
Depends on vulnerable versions of @roots/bud-support
node_modules/@roots/bud-wordpress-theme-json
25 high severity vulnerabilities