[PR #1189] [CLOSED] patches from npm security audit #36222

Closed
opened 2026-04-25 10:11:58 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/1189
Author: @nightness
Created: 3/17/2024
Status: Closed

Base: main ← Head: main


📝 Commits (4)

  • 917e76a patches from npm security audit
  • 361d9c7 patches from npm security audit
  • 35a1940 removed lock files per request
  • 1dfed60 removed "c" from npm

📊 Changes

4 files changed (+9 additions, -6141 deletions)


📝 .gitignore (+7 -1)
📝 Dockerfile (+2 -2)
bun.lockb (+0 -0)
package-lock.json (+0 -6138)

📄 Description

Description

Security update of packages provided by "npm audit fix"

```
(base) nightness@Mac-mini open-webui % npm i

added 299 packages, and audited 300 packages in 5s

65 packages are looking for funding
  run `npm fund` for details

3 vulnerabilities (2 low, 1 high)

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
(base) nightness@Mac-mini open-webui % npm audit
# npm audit report

undici  <=5.28.2
Undici proxy-authorization header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-3787-6prv-h9w3
fix available via `npm audit fix`
node_modules/undici
  @sveltejs/kit  1.0.0-next.0 - 1.30.3
  Depends on vulnerable versions of undici
  node_modules/@sveltejs/kit

vite  4.0.0 - 4.5.1
Severity: high
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem - https://github.com/advisories/GHSA-c24v-8rfc-w8vw
fix available via `npm audit fix`
node_modules/vite

3 vulnerabilities (2 low, 1 high)

To address all issues, run:
  npm audit fix

(base) nightness@Mac-mini open-webui % npm audit fix

changed 4 packages, and audited 300 packages in 6s

65 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
```

---

### Changelog Entry
package-lock.json modified

### Changed
package-lock.json modified



---

<sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-25 10:11:58 -05:00
Reference: github-starred/open-webui#36222