mdaines / viz-js

Graphviz in your browser
https://viz-js.com/
MIT License

DockerFile uses Expat 2.5.0 which is vulnerable for CVE-2023-52425 #244

Closed lievendf closed 6 months ago

lievendf commented 6 months ago

Hi,

viz.js got flagged during a security scan for the reference to Expat 2.5.0 in the DockerFile. That version seems to be vulnerable to CVE-2023-52425. I don't know if this is a false positive for viz.js itself, but if it isn't, can the Expat version be upgraded?

Regards, Lieven

mdaines commented 6 months ago

I don't know if this particular issue affects Viz.js or not, since it seems like it depends on how Expat is called by Graphviz? However, Expat 2.5.0 is a little bit behind, so I'll update it and make a Viz.js release soon. Thank you for the reminder.

mdaines commented 6 months ago

Released in 3.6.0.