serialize-javascript and Cross-Site Scripting
MatteoGabriele opened this issue
Matteo Gabriele commented
Thanks for the package.
I was wondering about this warning coming from it tho. Is it going to be updated any time soon?
Cheers!
yarn audit v1.21.1
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ serialize-javascript │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=2.1.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ bili │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ bili > rollup-plugin-terser > serialize-javascript │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1426 │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerabilities found - Packages audited: 896891
Severity: 1 Moderate
dmackca commented
The dependency that causes it, rollup-plugin-terser, fixed the vulnerability in December, but it's in version 5 and bili is using version 4 currently.
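An added example, not part of the original thread or of bili's code: a small check that scans a yarn.lock (v1 format) for resolved `serialize-javascript` entries below the patched version from the audit output. The lockfile excerpt and its version numbers are constructed sample values, the function names are hypothetical, and versions are assumed to be plain `x.y.z` without pre-release tags.

```javascript
// Constructed yarn.lock (v1) excerpt; versions are sample values for illustration.
const SAMPLE_LOCK = `
rollup-plugin-terser@^4.0.4:
  version "4.0.4"
  dependencies:
    serialize-javascript "^1.6.1"

serialize-javascript@^1.6.1:
  version "1.9.1"

serialize-javascript@^2.1.2:
  version "2.1.2"
`;

const PATCHED = "2.1.1"; // "Patched in >=2.1.1" from the audit output

// Compare two plain x.y.z versions; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Return every resolved entry of `pkg` whose version is below `patched`.
function findUnpatched(lockText, pkg, patched) {
  const hits = [];
  let current = null; // header line of the entry currently being read
  for (const line of lockText.split("\n")) {
    if (/^\S.*:$/.test(line)) {
      current = line.slice(0, -1); // top-level header, trailing ":" removed
    } else if (current && /^  version "/.test(line)) {
      const version = line.match(/^  version "([^"]+)"/)[1];
      // A header may list several comma-separated, optionally quoted specifiers.
      const names = current.split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      // lastIndexOf keeps scoped names such as @scope/name intact.
      const matches = names.some(
        (n) => n.lastIndexOf("@") > 0 && n.slice(0, n.lastIndexOf("@")) === pkg
      );
      if (matches && compareVersions(version, patched) < 0) {
        hits.push({ entry: current, version });
      }
    }
  }
  return hits;
}

console.log(findUnpatched(SAMPLE_LOCK, "serialize-javascript", PATCHED));
```

A non-empty result means the tree still resolves an unpatched copy somewhere, even when a newer copy of the same package is also installed.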
EGOIST commented
🎉 This issue has been resolved in version 4.9.1 🎉
The release is available on:
Your semantic-release bot 📦🚀