Closed amitpareek49 closed 1 year ago
Please do read that "vulnerability". It states that Terser, a tool used to minify code, is vulnerable to a denial of service attack. This is not an issue in the context of a build tool.
Essentially, you can write extremely weird code and trigger a denial of service... against yourself. Which just stops the build from completing on its own. You can still exit of course.
No need to fix as it's not a legitimate issue. Vulnerability reports for Node tend to be absolutely worthless as they have no way of knowing the context in which dependencies run.
Hi @rschristian ,
Thanks for the quick response. I agree that there is no issue with the warning in a build tool context. It gets annoying, however, when these warnings keep popping up in GitHub.
I am closing this issue. Once again thanks for your prompt reply, much appreciated.
> It gets annoying, however, when these warnings keep popping up in GitHub.
This isn't necessarily the safest advice so do your own due diligence, but honestly, I just disable them. They're too rarely valid.
Hi Team,
I am using microbundle as a dependency in one of my projects. There is a warning thrown by GitHub regarding a critical vulnerability with the
"terser": "^5.7.0",
package. The fix has been deployed in version 5.14.2. Below is the link to the GitHub issue - https://github.com/advisories/GHSA-4wf5-vphf-c2xc
Are there any plans on updating the version to the latest one?