Update editorconfig package #2160

k725 · 2023-06-23T04:50:31Z

The editorconfig package that js-beautify depends ¹ on is too old and contains a vulnerable package (semver). ²³
I hope you will consider updating the editorconfig package.

At least the latest version of the editorconfig package ⁴ does not contain the vulnerable semver package.

bitwiseman · 2023-06-29T00:07:15Z

#2161 Fixes.

curtispd · 2023-07-07T13:23:35Z

Could we get a release for this please so that we can resolve the underlying vulnerability?

curtispd · 2023-07-11T21:55:25Z

@bitwiseman would it be possible to create a release with this change ? We have strict compliance timelines to remediate CVEs in our apps and this would really help us out

bitwiseman · 2023-07-13T07:08:04Z

@curtispd I'll get to it in the next few days.

bitwiseman closed this as completed Jun 29, 2023

bitwiseman added this to the v1.14.9 (next release) milestone Jun 29, 2023

bitwiseman added type: bug implementation: javascript labels Jun 29, 2023

Ericlm mentioned this issue Jun 29, 2023

Updating dependency to js-beautify vuejs/test-utils#2112

Closed

bitwiseman mentioned this issue Jul 4, 2023

editorconfig ^0.15.3 vulnerability #2163

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update editorconfig package #2160

Update editorconfig package #2160

k725 commented Jun 23, 2023

bitwiseman commented Jun 29, 2023

curtispd commented Jul 7, 2023

curtispd commented Jul 11, 2023

bitwiseman commented Jul 13, 2023

Update editorconfig package #2160

Update editorconfig package #2160

Comments

k725 commented Jun 23, 2023

Footnotes

bitwiseman commented Jun 29, 2023

curtispd commented Jul 7, 2023

curtispd commented Jul 11, 2023

bitwiseman commented Jul 13, 2023