You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think this issue has been fixed by highlightjs version 9.15.6 moving the offending dependencies to devDependencies (see pull request here). Updating this package to depend on 9.15.6 or greater should fix the vulnerabilities being pulled in from their build system.
@felixfbecker Quite right, my mistake. I thought that package-lock.json would lock the version for downstream dependers but I was incorrect. I think this can be marked as closed, then.
Pending a fix from the open issue on a dependency of this project we'll need to update this repo to pull in their changes.
The text was updated successfully, but these errors were encountered: