Screenshots, screen recording, code snippet
ws 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install @wordpress/scripts@19.2.4, which is a breaking change
node_modules/lighthouse/node_modules/puppeteer-core/node_modules/ws
node_modules/puppeteer-core/node_modules/ws
puppeteer-core 11.0.0 - 22.11.1
Depends on vulnerable versions of ws
node_modules/lighthouse/node_modules/puppeteer-core
node_modules/puppeteer-core
@wordpress/scripts >=20.0.0
Depends on vulnerable versions of @wordpress/e2e-test-utils-playwright
Depends on vulnerable versions of puppeteer-core
node_modules/@wordpress/scripts
lighthouse 9.6.1 - 11.5.0
Depends on vulnerable versions of puppeteer-core
node_modules/lighthouse
@wordpress/e2e-test-utils-playwright >=0.9.1-next.5a1d1283.0
Depends on vulnerable versions of lighthouse
node_modules/@wordpress/e2e-test-utils-playwright
Environment info
Unsure if this bit matters, but for what it's worth:
Tested on 2 MacBook Pros with macOS 14.5 (Sonoma) with (respectively) i9 and M1 architecture
Node versions ^20 and ^22
npm versions 10.7 & ^10.8.0
Please confirm that you have searched existing issues in the repo.
Yes
Please confirm that you have tested with all plugins deactivated except Gutenberg.
Yes
Description
Installing @wordpress/scripts package throws vulnerability errors with npm. Terminal responds with “5 high severity issues” that appear to be stemming from ws, puppeteer-core, and lighthouse.
What I’ve tried:
npm audit fix --force downgrades @wordpress/scripts to v19.2.4, unsurprisingly causing 47 other vulnerabilities.
overrides param in package.json fixes the issue.
Step-by-step reproduction instructions
run npm install @wordpress/scripts or go through npx @wordpress/create-block
run npm audit
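To see which installed copies of ws fall inside the range npm audit reports in this issue, and which parent package carries each one, the lockfile can be checked directly. This is an added example, not part of the original issue or the Gutenberg project; the function names and the sample lockfile (including its version numbers) are constructed, and it assumes a package-lock.json with lockfileVersion 2 or 3.

```javascript
// Added example: flag installed copies of ws inside the advisory range.
// Range taken from the npm audit output on this page.
const AFFECTED = { name: 'ws', min: '8.0.0', max: '8.17.0' };

// Parse "major.minor.patch"; pre-release and build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// lock: parsed package-lock.json (lockfileVersion 2 or 3 "packages" map).
// Returns [{ path, version, via }]; via lists the packages whose nested
// node_modules directory holds the affected copy (empty = hoisted to the root).
function findAffected(lock, range = AFFECTED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const parts = path.split('node_modules/').filter(Boolean)
      .map((p) => p.replace(/\/$/, ''));
    if (parts[parts.length - 1] !== range.name || !meta.version) continue;
    if (compareVersions(meta.version, range.min) >= 0 &&
        compareVersions(meta.version, range.max) <= 0) {
      hits.push({ path, version: meta.version, via: parts.slice(0, -1) });
    }
  }
  return hits;
}

// Constructed sample: paths match the audit output, versions are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-block' },
    'node_modules/puppeteer-core/node_modules/ws': { version: '8.5.0' },
    'node_modules/lighthouse/node_modules/puppeteer-core/node_modules/ws': { version: '8.16.0' },
    'node_modules/ws': { version: '8.18.0' },
  },
};

console.log(findAffected(sampleLock));
```

Against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of the sample; the `via` chain shows which parent an `overrides` entry would need to target.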