Remove the economist job posting from 01.2024 and fix library vulnerabilities

sandcha requested to merge remove-eco-job-2 into master
  • In the recruitment section, remove the economist job offer (following Mahdi's departure)
  • Update the NodeJS version in CI from 16 to 20 (versions 18 or 20 are already used in our other relevant repositories)
  • Update the libraries with the `npm audit fix` command
  • Briefly document in the documentation how to update libraries (`npm update` is recommended rather than starting with the audit, as was done here)

Changes to the recruitment page

Before: Capture_d_écran_2024-02-01_à_13.42.50 (screenshot)
After: Capture_d_écran_2024-02-01_à_13.41.06 (screenshot)

Initial problem with the libraries:

$ npm audit

# npm audit report

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/postcss

undici  <5.26.2
Undici's cookie header not cleared on cross-origin redirect in fetch - https://github.com/advisories/GHSA-wqq4-5wpv-mx2g
fix available via `npm audit fix`
node_modules/undici
  @sveltejs/kit  1.0.0-next.0 - 1.25.2
  Depends on vulnerable versions of undici
  node_modules/@sveltejs/kit

vite  4.0.0 - 4.5.1
Severity: high
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload - https://github.com/advisories/GHSA-92r3-m2mg-pj97
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem - https://github.com/advisories/GHSA-c24v-8rfc-w8vw
fix available via `npm audit fix`
node_modules/vite

4 vulnerabilities (2 low, 1 moderate, 1 high)

To address all issues, run:
  npm audit fix
Edited by sandcha
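The report above is exactly what a CI job could gate on instead of a human reading it. The following is an added example, not code from this merge request or the project: it summarises an `npm audit --json` report (npm 7+ shape, `auditReportVersion` 2) and fails the build when any finding reaches a chosen severity. The report object is constructed to mirror the four findings listed above; the `low` severity for undici and @sveltejs/kit is assumed from the "2 low" total, and in a pipeline the object would be read from the command's output instead.

```javascript
// Ordered severity scale used by npm audit.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// CONSTRUCTED sample mirroring the findings of this MR (advisory text shortened).
// In CI: `npm audit --json > audit.json` and JSON.parse that file instead.
const sampleAudit = {
  auditReportVersion: 2,
  vulnerabilities: {
    postcss: { name: 'postcss', severity: 'moderate', isDirect: false, range: '<8.4.31',
      via: [{ title: 'PostCSS line return parsing error', url: 'https://github.com/advisories/GHSA-7fh5-64p2-3v2j' }],
      fixAvailable: true },
    undici: { name: 'undici', severity: 'low', isDirect: false, range: '<5.26.2',
      via: [{ title: 'Cookie header not cleared on cross-origin redirect', url: 'https://github.com/advisories/GHSA-wqq4-5wpv-mx2g' }],
      fixAvailable: true },
    '@sveltejs/kit': { name: '@sveltejs/kit', severity: 'low', isDirect: true, range: '1.0.0-next.0 - 1.25.2',
      via: ['undici'], // a string in `via` means the finding is inherited from that dependency
      fixAvailable: true },
    vite: { name: 'vite', severity: 'high', isDirect: true, range: '4.0.0 - 4.5.1',
      via: [{ title: 'XSS in server.transformIndexHtml', url: 'https://github.com/advisories/GHSA-92r3-m2mg-pj97' },
            { title: 'server.fs.deny bypass on case-insensitive FS', url: 'https://github.com/advisories/GHSA-c24v-8rfc-w8vw' }],
      fixAvailable: true },
  },
};

// Count findings per severity, record the worst one, and list findings that are
// purely transitive (nothing to bump directly; the fix comes through a dependency).
function summarizeAudit(report) {
  const counts = { info: 0, low: 0, moderate: 0, high: 0, critical: 0 };
  let worst = 'info';
  const transitive = [];
  const noFix = [];
  for (const v of Object.values(report.vulnerabilities)) {
    counts[v.severity] += 1;
    if (SEVERITY_RANK[v.severity] > SEVERITY_RANK[worst]) worst = v.severity;
    if (v.via.every((x) => typeof x === 'string')) transitive.push(`${v.name} (via ${v.via.join(', ')})`);
    if (!v.fixAvailable) noFix.push(v.name); // these need a manual decision, not `npm audit fix`
  }
  return { total: Object.values(report.vulnerabilities).length, counts, worst, transitive, noFix };
}

// CI gate: true when any finding is at or above `threshold`.
function auditShouldFail(report, threshold = 'high') {
  return SEVERITY_RANK[summarizeAudit(report).worst] >= SEVERITY_RANK[threshold];
}

console.log(JSON.stringify(summarizeAudit(sampleAudit), null, 2));
console.log(auditShouldFail(sampleAudit, 'high') ? 'FAIL: high or worse found' : 'OK');
```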
