jakejarvis / hugo-extended

✏️ Plug-and-play Node.js wrapper for Hugo Extended, the awesomest static-site generator.
https://www.npmjs.com/package/hugo-extended
MIT License

Security vulnerability CVE-2022-36313 in file-type dependency #133

Open sashakrymer opened 1 year ago

sashakrymer commented 1 year ago

Hi,

Our scan detected the CVE-2022-36313 vulnerability in hugo-extended via file-type:

`-- hugo-extended@0.110.0
  `-- careful-downloader@2.0.2
    `-- decompress@4.2.1
      +-- decompress-tar@4.1.1
      | `-- file-type@5.2.0
      +-- decompress-tarbz2@4.1.1
      | `-- file-type@6.2.0
      +-- decompress-targz@4.1.1
      | `-- file-type@5.2.0 deduped
      `-- decompress-unzip@4.0.1
        `-- file-type@3.9.0

Could you verify that hugo-extended is affected and fix it if so? Thank you.