We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
meow@10
The adventure begins with this vulnerability reported by npm audit
npm audit
https://www.npmjs.com/advisories/1753
node-sass@6 is using meow@9 which in turn uses trim-newlines@3 https://github.com/sass/node-sass/blob/master/package.json#L63
node-sass@6
meow@9
trim-newlines@3
The meow team is not going to address this in v9. sindresorhus/meow#195
meow
meow@10 however already uses trim-newlines@4 which addresses this vulnerability https://github.com/sindresorhus/meow/blob/main/package.json#L54
trim-newlines@4
Is it easily possible to upgrade to meow@10 here?
Thank you!
┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ Regular Expression Denial of Service │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ trim-newlines │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ >=3.0.1 <4.0.0 || >=4.0.1 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ bedrock-webpack │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ bedrock-webpack > node-sass > meow > trim-newlines │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ https://npmjs.com/advisories/1753 │ └───────────────┴──────────────────────────────────────────────────────────────┘
The text was updated successfully, but these errors were encountered:
trim-newlines
No, because Meow 10 converted to ESM #3125 (comment)
Sorry, something went wrong.
No, because Meow 10 converted to ESM
Then we should switch to ESM 😉 or use the dynamic import('meow').then(fn) that also works from cjs
import('meow').then(fn)
No branches or pull requests
The adventure begins with this vulnerability reported by
npm audit
https://www.npmjs.com/advisories/1753
node-sass@6
is usingmeow@9
which in turn usestrim-newlines@3
https://github.com/sass/node-sass/blob/master/package.json#L63
The
meow
team is not going to address this in v9.sindresorhus/meow#195
meow@10
however already usestrim-newlines@4
which addresses this vulnerabilityhttps://github.com/sindresorhus/meow/blob/main/package.json#L54
Is it easily possible to upgrade to
meow@10
here?Thank you!
The text was updated successfully, but these errors were encountered: