there is a CVE in word-wrap: https://github.com/jonschlinkert/word-wrap/pull/33
It is fixed and integrated in latest optionator 0.9.x, which is used in escodegen 2.x.
Is there any chance to update escodegen to 2.x?
Thanks!
static-module users were never affected by this vulnerability (that code is unused), but static-eval now uses escodegen 2.x so it should no longer appear.
Hi @goto-bus-stop ,
there is a CVE in word-wrap: https://github.com/jonschlinkert/word-wrap/pull/33 It is fixed and integrated in latest optionator 0.9.x, which is used in escodegen 2.x. Is there any chance to update escodegen to 2.x? Thanks!
escodegen@1.14.3 │ └─┬ optionator@0.8.3 │ └── word-wrap@1.2.3
Optionator team will not merge the fix to 0.8.x: https://github.com/gkz/optionator/pull/46