liamcain / obsidian-calendar-ui Goto Github PK
View Code? Open in Web Editor NEWThe UI that powers the obsidian-calendar-plugin
License: MIT License
obsidian-calendar-ui's People
Contributors
Stargazers
Watchers
Forkers
vanadium23 quentinus95 jldeen formulahunter fredr02 muejam09 usagizmo thunt-career joscha-alisch brianrodri pourmand1376obsidian-calendar-ui's Issues
Security vulnerability due to svelte< 3.49.0
NPM complains when trying to install any package that depends on obsidian-calendar-ui due to a dependency on svelte < 4.59.0.
For example, when installing any package or plugin that depends on the latest versions of dataview, which in turn depend on obsidian-calendar-ui:
$ npm i
added 261 packages, and audited 262 packages in 22s
96 packages are looking for funding
run `npm fund` for details
3 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
$ npm audit
# npm audit report
svelte <3.49.0
Severity: moderate
Svelte vulnerable to XSS when using objects during server-side rendering - https://github.com/advisories/GHSA-wv8q-r932-8hc7
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/svelte
obsidian-calendar-ui *
Depends on vulnerable versions of svelte
node_modules/obsidian-calendar-ui
obsidian-dataview >=0.4.22
Depends on vulnerable versions of obsidian-calendar-ui
node_modules/obsidian-dataview
3 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
The issue is flagged on dataview's site: blacksmithgu/obsidian-dataview#2288, and presumably others.
Not sure if the issue should be addressed here or downstream. I would imagine that even after obsidian-calendar-ui updates (and maybe you already have! :) ), all the downstream dependents need to update as well.
Either way, I thought I might bring this to your attention here, and perhaps you might have suggestions as to approaches for down-down-downstream package developers such as myself ?
Please feel free to close if this is not really anything that should be discussed here (e.g., it's all really the downstream users responsibilities ...)
Obsidian的插件Calendar显示上异常,请问能修复吗?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.