kach / nearley

📜🔜🌲 Simple, fast, powerful parser toolkit for JavaScript.
https://nearley.js.org
MIT License
3.57k stars 231 forks

XSS vulnerability through dependency `railroad-diagrams` #648

Open voidvoxel opened 1 month ago

voidvoxel commented 1 month ago

Snyk is reporting a medium-risk XSS vulnerability through dependency `railroad-diagrams`.

I believe I've fixed this vulnerability within the dependency, but I still need to verify this resolves the issue before creating a pull request.

voidvoxel commented 1 month ago

Okay, it's been confirmed. This change does resolve the issue. I've already created the pull request and am awaiting a response.