[PR #15944] [CLOSED] fix: resolve npm audit vulnerabilities #47038

New Issue

GiteaMirror · 2026-04-29T22:05:43-05:00

GiteaMirror commented

2026-04-29 22:05:43 -05:00

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/15944
Author: @aloewright
Created: 7/22/2025
Status: ❌ Closed

Base: main ← Head: main

📝 Commits (3)

6c2b9fe Add deployment configurations for Vercel, Netlify, and Render
d25c052 fix: npm audit fixes
5765b91 fix: update Node.js version to 20 for Netlify compatibility

📊 Changes

7 files changed (+3331 additions, -2278 deletions)

View changed files

➕ .github/workflows/deploy-vercel.yml (+35 -0)
➕ README_DEPLOY.md (+81 -0)
➕ netlify.toml (+25 -0)
📝 package-lock.json (+3140 -2275)
📝 package.json (+3 -3)
➕ render.yaml (+17 -0)
➕ vercel.json (+30 -0)

📄 Description

This PR addresses security vulnerabilities identified by npm audit:

Fixes cookie vulnerability (< 0.7.0) that accepts cookie name, path, and domain with out of bounds characters
Resolves esbuild vulnerability (<= 0.24.2) that enables websites to send requests to development server

The fixes involve updating dependencies to secure versions:

Updated @sveltejs/kit and related adapters
Updated vite to address esbuild vulnerabilities
Updated vitest and other related dependencies

These changes help improve the security posture of the project by eliminating known vulnerabilities.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/15944 **Author:** [@aloewright](https://github.com/aloewright) **Created:** 7/22/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `main` --- ### 📝 Commits (3) - [`6c2b9fe`](https://github.com/open-webui/open-webui/commit/6c2b9fe0b3a06a1ba7b7ecd75071dd5afc38a074) Add deployment configurations for Vercel, Netlify, and Render - [`d25c052`](https://github.com/open-webui/open-webui/commit/d25c052a85dc261090149ab12927ce18e48a92ff) fix: npm audit fixes - [`5765b91`](https://github.com/open-webui/open-webui/commit/5765b916ec9ae523dee5a60976a4160f1ee12e07) fix: update Node.js version to 20 for Netlify compatibility ### 📊 Changes **7 files changed** (+3331 additions, -2278 deletions) <details> <summary>View changed files</summary> ➕ `.github/workflows/deploy-vercel.yml` (+35 -0) ➕ `README_DEPLOY.md` (+81 -0) ➕ `netlify.toml` (+25 -0) 📝 `package-lock.json` (+3140 -2275) 📝 `package.json` (+3 -3) ➕ `render.yaml` (+17 -0) ➕ `vercel.json` (+30 -0) </details> ### 📄 Description This PR addresses security vulnerabilities identified by npm audit: - Fixes cookie vulnerability (< 0.7.0) that accepts cookie name, path, and domain with out of bounds characters - Resolves esbuild vulnerability (<= 0.24.2) that enables websites to send requests to development server The fixes involve updating dependencies to secure versions: - Updated @sveltejs/kit and related adapters - Updated vite to address esbuild vulnerabilities - Updated vitest and other related dependencies These changes help improve the security posture of the project by eliminating known vulnerabilities. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-29 22:05:43 -05:00

GiteaMirror closed this issue

2026-04-29 22:05:44 -05:00

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#47038