You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Projects that consume svgo (e.g., indirectly, @angular-devkit/build-angular via css-minimizer-webpack-plugin > cssnano > cssnano-preset-default > postcss-svgo > svgo > css-select > css-what) have a high severity DoS vulnerability due to something that was fixed in version 5.0.1 of css-what. css-select already fixed this in its latest release. Could there be a dependency update to address this?
To Reproduce
Steps to reproduce the behavior:
run npm install on an angular 12 project
run npm audit
Expected behavior
No vulnerability for projects that depend on patched versions of svgo
Screenshots
Desktop (please complete the following information):
SVGO Version ^2.3.0
NodeJs Version 14
OS: Windows 10
The text was updated successfully, but these errors were encountered:
Describe the bug
Projects that consume svgo (e.g., indirectly, @angular-devkit/build-angular via css-minimizer-webpack-plugin > cssnano > cssnano-preset-default > postcss-svgo > svgo > css-select > css-what) have a high severity DoS vulnerability due to something that was fixed in version 5.0.1 of css-what. css-select already fixed this in its latest release. Could there be a dependency update to address this?
To Reproduce
Steps to reproduce the behavior:
Expected behavior
No vulnerability for projects that depend on patched versions of svgo
Screenshots
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: