Consider upgrading to meow@10

[mattcollier]

The adventure begins with this vulnerability reported by npm audit

https://www.npmjs.com/advisories/1753

node-sass@6 is using meow@9 which in turn uses trim-newlines@3
https://github.com/sass/node-sass/blob/master/package.json#L63

The meow team is not going to address this in v9.
sindresorhus/meow#195

meow@10 however already uses trim-newlines@4 which addresses this vulnerability
https://github.com/sindresorhus/meow/blob/main/package.json#L54

Is it easily possible to upgrade to meow@10 here?

Thank you!

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ trim-newlines                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=3.0.1 <4.0.0 || >=4.0.1                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ bedrock-webpack                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ bedrock-webpack > node-sass > meow > trim-newlines           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1753                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

[nschonni]

No, because Meow 10 converted to ESM #3125 (comment)

[jimmywarting]

No, because Meow 10 converted to ESM

Then we should switch to ESM 😉
or use the dynamic import('meow').then(fn) that also works from cjs