buschtoens / broccoli-merge-files

Broccoli plugin to merge multiple files into one or multiple files

Package has a number of dependencies that contain CVEs #430

Open Frank3K opened 2 years ago

Frank3K commented 2 years ago

This package has dependencies on versions of packages that contain CVEs. This can be seen by the number of Dependabot PRs that are present at the moment.

Output of running yarn audit on this repository (at commit 73a1afedf0f18c06cb059f40237aeb9ce1fca212):

370 vulnerabilities found - Packages audited: 755
Severity: 127 Moderate | 209 High | 34 Critical
Done in 1.58s.

Since this package is used by the popular ember-intl package, projects that use ember-intl get these CVEs too.

Is it possible to update the dependencies and release a new version?

LucasHillDex commented 8 months ago

@buschtoens in particular fast-glob 2.x brings in a couple CVEs.

ember-intl uses this library so getting a new release out with just the dependency updates would be awesome if possible.