You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
affected library: workbox-webpack-plugin
also addressed here jakejs/jake#408
async <3.2.2
Severity: high
Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25
fix available via `npm audit fix --force`
Will install workbox-webpack-plugin@6.3.0, which is a breaking change
node_modules/jake/node_modules/async
jake >=8.0.1
Depends on vulnerable versions of async
node_modules/jake
ejs >=3.1.2
Depends on vulnerable versions of jake
node_modules/ejs
@surma/rollup-plugin-off-main-thread >=2.2.0
Depends on vulnerable versions of ejs
node_modules/@surma/rollup-plugin-off-main-thread
workbox-build >=6.4.0
Depends on vulnerable versions of @surma/rollup-plugin-off-main-thread
node_modules/workbox-build
workbox-webpack-plugin >=6.4.0
Depends on vulnerable versions of workbox-build
node_modules/workbox-webpack-plugin
thanks
The text was updated successfully, but these errors were encountered:
I can confirm that a fresh install of the various Workbox builds tools shows that the open vulnerability has been resolved, as @surma/rollup-plugin-off-main-thread now pulls in ejs v3.1.7.
Hi, i'm getting several audit warnings related to GHSA-fwr7-v2mv-hh25
affected library: workbox-webpack-plugin
also addressed here jakejs/jake#408
thanks
The text was updated successfully, but these errors were encountered: