Closed Ilshidur closed 7 years ago
This current version (2.1.14) uses a vulnerable package according to Snyk, which is the version 1.5.0 of extract-zip.
It would be nice to at least upgrade this dependency to the 1.6.2 version, where the maintainers fixed it.
EDIT : made a PR (https://github.com/Medium/phantomjs/pull/732)
This current version (2.1.14) uses a vulnerable package according to Snyk, which is the version 1.5.0 of extract-zip.
It would be nice to at least upgrade this dependency to the 1.6.2 version, where the maintainers fixed it.
EDIT : made a PR (https://github.com/Medium/phantomjs/pull/732)