cookie dependency to a patched version (>=0.7.0) ? #73

Open
ultraviolet007rainbow opened this issue Oct 13, 2024 · 2 comments
Labels
bug Something isn't working


@ultraviolet007rainbow

Bug report

┌─────────────────────┬────────────────────────────────────────────────────────┐
│ low                 │ cookie accepts cookie name, path, and domain with out  │
│                     │ of bounds characters                                   │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ cookie                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <0.7.0                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=0.7.0                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ . > @supabase/[email protected] > [email protected]    │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ GHSA-pxg6-pf52-xh8x                                    │
└─────────────────────┴────────────────────────────────────────────────────────┘

  • [x] I confirm this is a bug with Supabase, not with my own application.
  • [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.


@ultraviolet007rainbow ultraviolet007rainbow added the bug Something isn't working label Oct 13, 2024
@XStarlink

Hello, I was going to create an issue to report the same thing, but then I commented here instead. NPM tells me there is a vulnerability in @supabase/ssr:

# npm audit report

cookie  <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install @nuxtjs/[email protected], which is a breaking change
node_modules/cookie
  @supabase/ssr  *
  Depends on vulnerable versions of cookie
  node_modules/@supabase/ssr
    @nuxtjs/supabase  >=1.3.1
    Depends on vulnerable versions of @supabase/ssr
    node_modules/@nuxtjs/supabase

Thanks for your work!

@siimsams

siimsams commented Nov 1, 2024

@J0 This is still an issue. Can you release the current release candidate?
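
The advisory quoted in this thread (GHSA-pxg6-pf52-xh8x) says cookie <0.7.0 accepts name, path, and domain values with out-of-bounds characters. As an added example (not code from this thread, from @supabase/ssr, or from the cookie package), the check below applies the RFC 6265 grammar to those three fields before they reach a serializer; the function names and sample inputs are constructed, and using RFC 6265 as the boundary is an assumption.

```javascript
// Added example: RFC 6265 checks for the three fields named in the advisory.
// Not the cookie package's patched code; names and samples are constructed.

// cookie-name is an RFC 2616 token: visible ASCII without separators or CTLs.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// path-value: any ASCII character from 0x20 to 0x7E except ";".
const PATH_VALUE = /^[\x20-\x3A\x3C-\x7E]*$/;
// domain-value: dot-separated letter/digit/hyphen labels, optional leading dot.
const LABEL = "[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?";
const DOMAIN_VALUE = new RegExp(`^\\.?${LABEL}(?:\\.${LABEL})*$`);

// Returns the names of the fields that fall outside the grammar.
function invalidCookieFields({ name, path, domain }) {
  const bad = [];
  if (typeof name !== "string" || !TOKEN.test(name)) bad.push("name");
  if (path !== undefined &&
      (typeof path !== "string" || !PATH_VALUE.test(path))) bad.push("path");
  if (domain !== undefined &&
      (typeof domain !== "string" || !DOMAIN_VALUE.test(domain))) bad.push("domain");
  return bad;
}

// Guard to call before handing the fields to any Set-Cookie serializer.
function assertCookieFields(fields) {
  const bad = invalidCookieFields(fields);
  if (bad.length > 0) {
    throw new TypeError(`invalid cookie field(s): ${bad.join(", ")}`);
  }
  return fields;
}

// Constructed sample inputs: one well-formed set, three out-of-bounds ones.
const samples = [
  { name: "sb-auth-token", path: "/", domain: "example.com" },
  { name: "sb token", path: "/" },
  { name: "sid", path: "/app;x" },
  { name: "sid", domain: "exa mple.com" },
];
for (const s of samples) {
  const bad = invalidCookieFields(s);
  console.log(JSON.stringify(s), bad.length ? `rejected: ${bad.join(", ")}` : "ok");
}
```

Fields that come from request data or tenant configuration are the ones worth passing through such a guard while a project is still pinned to a cookie version below 0.7.0.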
