High vulnerability advisory on rollup-plugin-terser (remote code execution) #2751
Comments
hakimel
added a commit
that referenced
this issue
Aug 19, 2020
|
Thanks for reporting—I've upgraded |
github-actions bot
added a commit
to vlaci/nix-doom-emacs
that referenced
this issue
Sep 11, 2020
## Changelog for reveal.js: Commits: [hakimel/reveal.js@15815efe...e09437f4](hakimel/reveal.js@15815ef...e09437f) * [`942304d8`](hakimel/reveal.js@942304d) add --slide-width/height css variables * [`cd5c9c5b`](hakimel/reveal.js@cd5c9c5) build js * [`61624aea`](hakimel/reveal.js@61624ae) 🤦 * [`7ebade72`](hakimel/reveal.js@7ebade7) remove 20px vertical padding on slide sections * [`c9107476`](hakimel/reveal.js@c910747) don't write '#/' to url on first slide, remove history api feature detection * [`d272628f`](hakimel/reveal.js@d272628) add support for data-visibility=hidden * [`ac79c7cd`](hakimel/reveal.js@ac79c7c) leave the progress bar empty if there's < 2 slides * [`166af893`](hakimel/reveal.js@166af89) all themes now have contrasting text colors based on slide bg * [`37d83374`](hakimel/reveal.js@37d8337) add support for wrapping code in script tempalte to avoid html parser hakimel/reveal.js#2684 * [`66cbd66f`](hakimel/reveal.js@66cbd66) fix slide numbering issue with uncounted horizontal slides (fixes hakimel/reveal.js#2675) * [`1b6a3b1e`](hakimel/reveal.js@1b6a3b1) add support for auto-sized big text via r-fit-text * [`aa667791`](hakimel/reveal.js@aa66779) fit-text helper now triggers lazyily when slide enters view distance * [`be460814`](hakimel/reveal.js@be46081) correct scope for fit-text selector * [`cd2a7924`](hakimel/reveal.js@cd2a792) allow images inside of h/vstacks to be proportionally downsized * [`2fccb774`](hakimel/reveal.js@2fccb77) add 'playsinline' to all inline videos, dont mute background videos on mobile * [`9ff27cfb`](hakimel/reveal.js@9ff27cf) bg videos remain muted on mobile, otherwise broken when navigating with swipe gestures * [`2bfe705e`](hakimel/reveal.js@2bfe705) include /css and /js in npm package hakimel/reveal.js#2712 * [`b05e530f`](hakimel/reveal.js@b05e530) Fix URL to pdf-export documentation * [`3a99a7b7`](hakimel/reveal.js@3a99a7b) shuffle now applies to vertical slides as well * [`a150d0c5`](hakimel/reveal.js@a150d0c) Start relative paths in CSS with ./ * [`80d96b4f`](hakimel/reveal.js@80d96b4) upgrade rollup-plugin-terser to fix npm warning hakimel/reveal.js#2751 * [`faa8b56e`](hakimel/reveal.js@faa8b56) dependency upgrades * [`aa62bd42`](hakimel/reveal.js@aa62bd4) Update README.md * [`2c121d22`](hakimel/reveal.js@2c121d2) docs: Fix simple typo, transiition -> transition * [`676936e3`](hakimel/reveal.js@676936e) revert debug change to index.html * [`e09437f4`](hakimel/reveal.js@e09437f) escape HTML entities in code parsed from markdown, fixes hakimel/reveal.js#2744
vlaci
pushed a commit
to vlaci/nix-doom-emacs
that referenced
this issue
Sep 17, 2020
## Changelog for reveal.js: Commits: [hakimel/reveal.js@15815efe...e09437f4](hakimel/reveal.js@15815ef...e09437f) * [`942304d8`](hakimel/reveal.js@942304d) add --slide-width/height css variables * [`cd5c9c5b`](hakimel/reveal.js@cd5c9c5) build js * [`61624aea`](hakimel/reveal.js@61624ae) 🤦 * [`7ebade72`](hakimel/reveal.js@7ebade7) remove 20px vertical padding on slide sections * [`c9107476`](hakimel/reveal.js@c910747) don't write '#/' to url on first slide, remove history api feature detection * [`d272628f`](hakimel/reveal.js@d272628) add support for data-visibility=hidden * [`ac79c7cd`](hakimel/reveal.js@ac79c7c) leave the progress bar empty if there's < 2 slides * [`166af893`](hakimel/reveal.js@166af89) all themes now have contrasting text colors based on slide bg * [`37d83374`](hakimel/reveal.js@37d8337) add support for wrapping code in script tempalte to avoid html parser hakimel/reveal.js#2684 * [`66cbd66f`](hakimel/reveal.js@66cbd66) fix slide numbering issue with uncounted horizontal slides (fixes hakimel/reveal.js#2675) * [`1b6a3b1e`](hakimel/reveal.js@1b6a3b1) add support for auto-sized big text via r-fit-text * [`aa667791`](hakimel/reveal.js@aa66779) fit-text helper now triggers lazyily when slide enters view distance * [`be460814`](hakimel/reveal.js@be46081) correct scope for fit-text selector * [`cd2a7924`](hakimel/reveal.js@cd2a792) allow images inside of h/vstacks to be proportionally downsized * [`2fccb774`](hakimel/reveal.js@2fccb77) add 'playsinline' to all inline videos, dont mute background videos on mobile * [`9ff27cfb`](hakimel/reveal.js@9ff27cf) bg videos remain muted on mobile, otherwise broken when navigating with swipe gestures * [`2bfe705e`](hakimel/reveal.js@2bfe705) include /css and /js in npm package hakimel/reveal.js#2712 * [`b05e530f`](hakimel/reveal.js@b05e530) Fix URL to pdf-export documentation * [`3a99a7b7`](hakimel/reveal.js@3a99a7b) shuffle now applies to vertical slides as well * [`a150d0c5`](hakimel/reveal.js@a150d0c) Start relative paths in CSS with ./ * [`80d96b4f`](hakimel/reveal.js@80d96b4) upgrade rollup-plugin-terser to fix npm warning hakimel/reveal.js#2751 * [`faa8b56e`](hakimel/reveal.js@faa8b56) dependency upgrades * [`aa62bd42`](hakimel/reveal.js@aa62bd4) Update README.md * [`2c121d22`](hakimel/reveal.js@2c121d2) docs: Fix simple typo, transiition -> transition * [`676936e3`](hakimel/reveal.js@676936e) revert debug change to index.html * [`e09437f4`](hakimel/reveal.js@e09437f) escape HTML entities in code parsed from markdown, fixes hakimel/reveal.js#2744
vlaci
pushed a commit
to vlaci/nix-doom-emacs
that referenced
this issue
Sep 17, 2020
## Changelog for reveal.js: Commits: [hakimel/reveal.js@15815efe...e09437f4](hakimel/reveal.js@15815ef...e09437f) * [`942304d8`](hakimel/reveal.js@942304d) add --slide-width/height css variables * [`cd5c9c5b`](hakimel/reveal.js@cd5c9c5) build js * [`61624aea`](hakimel/reveal.js@61624ae) 🤦 * [`7ebade72`](hakimel/reveal.js@7ebade7) remove 20px vertical padding on slide sections * [`c9107476`](hakimel/reveal.js@c910747) don't write '#/' to url on first slide, remove history api feature detection * [`d272628f`](hakimel/reveal.js@d272628) add support for data-visibility=hidden * [`ac79c7cd`](hakimel/reveal.js@ac79c7c) leave the progress bar empty if there's < 2 slides * [`166af893`](hakimel/reveal.js@166af89) all themes now have contrasting text colors based on slide bg * [`37d83374`](hakimel/reveal.js@37d8337) add support for wrapping code in script tempalte to avoid html parser hakimel/reveal.js#2684 * [`66cbd66f`](hakimel/reveal.js@66cbd66) fix slide numbering issue with uncounted horizontal slides (fixes hakimel/reveal.js#2675) * [`1b6a3b1e`](hakimel/reveal.js@1b6a3b1) add support for auto-sized big text via r-fit-text * [`aa667791`](hakimel/reveal.js@aa66779) fit-text helper now triggers lazyily when slide enters view distance * [`be460814`](hakimel/reveal.js@be46081) correct scope for fit-text selector * [`cd2a7924`](hakimel/reveal.js@cd2a792) allow images inside of h/vstacks to be proportionally downsized * [`2fccb774`](hakimel/reveal.js@2fccb77) add 'playsinline' to all inline videos, dont mute background videos on mobile * [`9ff27cfb`](hakimel/reveal.js@9ff27cf) bg videos remain muted on mobile, otherwise broken when navigating with swipe gestures * [`2bfe705e`](hakimel/reveal.js@2bfe705) include /css and /js in npm package hakimel/reveal.js#2712 * [`b05e530f`](hakimel/reveal.js@b05e530) Fix URL to pdf-export documentation * [`3a99a7b7`](hakimel/reveal.js@3a99a7b) shuffle now applies to vertical slides as well * [`a150d0c5`](hakimel/reveal.js@a150d0c) Start relative paths in CSS with ./ * [`80d96b4f`](hakimel/reveal.js@80d96b4) upgrade rollup-plugin-terser to fix npm warning hakimel/reveal.js#2751 * [`faa8b56e`](hakimel/reveal.js@faa8b56) dependency upgrades * [`aa62bd42`](hakimel/reveal.js@aa62bd4) Update README.md * [`2c121d22`](hakimel/reveal.js@2c121d2) docs: Fix simple typo, transiition -> transition * [`676936e3`](hakimel/reveal.js@676936e) revert debug change to index.html * [`e09437f4`](hakimel/reveal.js@e09437f) escape HTML entities in code parsed from markdown, fixes hakimel/reveal.js#2744
R0bes
pushed a commit
to R0bes/Terraform-Presentation
that referenced
this issue
Jun 7, 2021
harryleesan
pushed a commit
to harryleesan/reveal.js
that referenced
this issue
Oct 4, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, love this project.
Seems like there's a recent vulnerability advisory regarding rollup-plugin-terser:
the recommendation is to
npm install --save-dev rollup-plugin-terser@7.0.0since the current version is 5.3.0, do you know if it's a breaking change? I manually updated it to 7.0.0 in
package.jsonon a test project and everything seems fine after a quick test.The text was updated successfully, but these errors were encountered: