Open Cheezer1656 opened 5 months ago
Thanks for reporting this! However I don't think this can be solved just by updating packages. The latest version of cwise
still depends on the vulnerable version of static-eval
through static-module
. Updating static-eval
would create a dependency conflict. (Indeed, npm audit fix
doesn't fix anything, and npm audit fix --force
gives me an error.)
So I think this would have to be fixed in cwise
by making it depend on a more recent version of static-module
that doesn't have the vulnerability.