michaelficarra
commented
1 year ago No. This is unexploitable. I'm really not interested in bumping dependencies in old releases just because some scanner is complaining at you.
Closed SymbioticKilla closed 1 year ago
michaelficarra
commented
1 year ago No. This is unexploitable. I'm really not interested in bumping dependencies in old releases just because some scanner is complaining at you.
Hi,
there is a CVE in word-wrap: https://github.com/jonschlinkert/word-wrap/pull/33 It is fixed and integrated in latest optionator 0.9.x, which is used in escodegen 2.x. Is there any chance to update optionator to 0.9.x in 1.x version? Thanks!
escodegen@1.14.3 │ └─┬ optionator@0.8.3 │ └── word-wrap@1.2.3
Optionator team will not merge the fix to 0.8.x: https://github.com/gkz/optionator/pull/46