danvk / source-map-explorer

Analyze and debug space usage through source maps
Apache License 2.0

security: use dependency `opn` instead of `open` #71

Closed eins78 closed 6 years ago

eins78 commented 6 years ago

see https://nodesecurity.io/advisories/663

fixes danvk/source-map-explorer#70

danvk commented 6 years ago

Thanks for the PR. I don't see how this could be exploited in SME, but it can't hurt to fix.

eins78 commented 6 years ago

Thanks for merging. I agree that there probably wasn't any danger, but in my case it popped up through npm audit and I generally like to keep my project free from any warnings. Since this package is recommended by create-react-app, I figured a few others ran into the same warning. If anyone is in the same situation, the patched version can already be used before it is published to the npm registry:

  "devDependencies": {
    "source-map-explorer": "git+https://github.com/danvk/source-map-explorer.git#b74f718"
  }