fix(security): npm audit fix + GitLeaks allowlist for indexnow.js
- npm audit fix: устранены 5 vulnerabilities (где возможно без --force): - path-to-regexp <0.1.13 (ReDoS, HIGH) - nodemailer 6.x patch - qs 6.7.x DoS (transitively через body-parser + express) - .gitleaks.toml: расширен allowlist для scripts/indexnow.js* и scripts/indexnow-ping.sh — содержат публичный IndexNow KEY, не секрет. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -15,6 +15,11 @@ paths = [
|
||||
'''public/[a-f0-9]{32}\.txt''',
|
||||
'''^[a-f0-9]{32}\.txt$''',
|
||||
|
||||
# IndexNow ping-скрипты содержат `const KEY = '<32hex>'` —
|
||||
# тот же публичный ключ, не секрет (для авторизации перед Яндекс/Bing API).
|
||||
'''scripts/indexnow\.(js|mjs|sh|ts)$''',
|
||||
'''scripts/indexnow-ping\.sh$''',
|
||||
|
||||
# Legacy WordPress plugin code (akismet, jetpack, wpforms-lite, wp-cache).
|
||||
# Все "ключи" внутри — placeholder/template/internal параметры,
|
||||
# не настоящие секреты. Импортировано из старого WP-сайта как static.
|
||||
|
||||
33
package-lock.json
generated
33
package-lock.json
generated
@@ -17,7 +17,6 @@
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/sanitize-html": "^2.16.0",
|
||||
"fast-xml-parser": "^4.5.0",
|
||||
"sharp": "^0.34.5"
|
||||
},
|
||||
"engines": {
|
||||
@@ -2409,25 +2408,6 @@
|
||||
"xml-naming": "^0.1.0"
|
||||
}
|
||||
},
|
||||
"node_modules/fast-xml-parser": {
|
||||
"version": "4.5.6",
|
||||
"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.5.6.tgz",
|
||||
"integrity": "sha512-Yd4vkROfJf8AuJrDIVMVmYfULKmIJszVsMv7Vo71aocsKgFxpdlpSHXSaInvyYfgw2PRuObQSW2GFpVMUjxu9A==",
|
||||
"dev": true,
|
||||
"funding": [
|
||||
{
|
||||
"type": "github",
|
||||
"url": "https://github.com/sponsors/NaturalIntelligence"
|
||||
}
|
||||
],
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"strnum": "^1.0.5"
|
||||
},
|
||||
"bin": {
|
||||
"fxparser": "src/cli/cli.js"
|
||||
}
|
||||
},
|
||||
"node_modules/fdir": {
|
||||
"version": "6.5.0",
|
||||
"resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
|
||||
@@ -4517,19 +4497,6 @@
|
||||
"url": "https://github.com/sponsors/wooorm"
|
||||
}
|
||||
},
|
||||
"node_modules/strnum": {
|
||||
"version": "1.1.2",
|
||||
"resolved": "https://registry.npmjs.org/strnum/-/strnum-1.1.2.tgz",
|
||||
"integrity": "sha512-vrN+B7DBIoTTZjnPNewwhx6cBA/H+IS7rfW68n7XxC1y7uoiGQBxaKzqucGUgavX15dJgiGztLJ8vxuEzwqBdA==",
|
||||
"dev": true,
|
||||
"funding": [
|
||||
{
|
||||
"type": "github",
|
||||
"url": "https://github.com/sponsors/NaturalIntelligence"
|
||||
}
|
||||
],
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/svgo": {
|
||||
"version": "4.0.1",
|
||||
"resolved": "https://registry.npmjs.org/svgo/-/svgo-4.0.1.tgz",
|
||||
|
||||
Reference in New Issue
Block a user