Open th0mas opened 3 years ago
I've tried to fix CVE-2020-7660 by bumping our JS dependency:
"serialize-javascript": ">=3.1.0"
Unfortunately this is a breaking change that prevents our app from building...
We definitely need to fix this before deploying our system to production.
Side note, learned not to push simple security fixes to master.....
@th0mas OK. let's just leave this issue open for now until an upstream fix is available. (assuming we aren't using "serialize-javascript" directly in an of our code ...)
I've tried to fix CVE-2020-7660 by bumping our JS dependency:
Unfortunately this is a breaking change that prevents our app from building...
We definitely need to fix this before deploying our system to production.
Side note, learned not to push simple security fixes to master.....