You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, a vulnerability CVE-2020-28469 is introduced in @salesforce/lwc-dev-server via:
● @salesforce/lwc-dev-server@2.10.0 ➔ cpx@1.5.0 ➔ chokidar@1.7.0 ➔ glob-parent@2.0.0
However, cpx is a legacy package, which has not been maintained for about 5 years.
Is it possible to migrate cpx to other package to remediate this vulnerability?
I noticed several migration records in other js repo for cpx:
in commitizen, version 2.10.1 ➔ 3.0.0, remove cpx via commit
in @s-ui/studio, version 10.12.0 ➔ 10.13.0, migrate cpx to copyfiles via commit
Hi, a vulnerability CVE-2020-28469 is introduced in @salesforce/lwc-dev-server via:
● @salesforce/lwc-dev-server@2.10.0 ➔ cpx@1.5.0 ➔ chokidar@1.7.0 ➔ glob-parent@2.0.0
However, cpx is a legacy package, which has not been maintained for about 5 years.
Is it possible to migrate cpx to other package to remediate this vulnerability?
I noticed several migration records in other js repo for cpx:
Are there any efforts planned that would remediate this vulnerability or migrate cpx?
Thanks
; )
The text was updated successfully, but these errors were encountered: