You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The editorconfig package that js-beautify depends 1 on is too old and contains a vulnerable package (semver). 23
I hope you will consider updating the editorconfig package.
At least the latest version of the editorconfig package 4 does not contain the vulnerable semver package.
@bitwiseman would it be possible to create a release with this change ? We have strict compliance timelines to remediate CVEs in our apps and this would really help us out
The editorconfig package that js-beautify depends 1 on is too old and contains a vulnerable package (semver). 23
I hope you will consider updating the editorconfig package.
At least the latest version of the editorconfig package 4 does not contain the vulnerable semver package.
Footnotes
https://github.com/beautify-web/js-beautify/blob/main/package.json#L53 ↩
https://security.snyk.io/package/npm/semver ↩
https://github.com/advisories/GHSA-c2qf-rxjj-qqgw ↩
https://github.com/editorconfig/editorconfig-core-js/blob/main/package.json#L46 ↩
The text was updated successfully, but these errors were encountered: