mjmlio / mjml

MJML: the only framework that makes responsive-email easy
https://mjml.io
MIT License
16.99k stars 956 forks

SNYK-JS-INFLIGHT-6095116 #2826

Closed dan753722 closed 1 day ago

dan753722 commented 8 months ago

Dear MJML maintainers,

https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116

js-beautify@1.6.14 in mjml-cli uses glob@7. Although you've updated glob to v10, our Snyk scanner still detects it as vulnerable.

Could we please bump js-beautify to 1.14.11?

Thank you!
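
An added example, not part of the original issue or the MJML code base: a lockfile walk that shows why bumping the top-level glob does not clear a scanner finding while another dependency still nests its own glob@7. The lockfile is constructed; the js-beautify to glob@7 edge is taken from the report above, and the other version numbers and the names `sampleLock`, `resolveDep` and `findChains` are assumptions.

```javascript
// Constructed sample in the npm lockfile v2/v3 "packages" layout. Versions other
// than js-beautify@1.6.14 are made up, and dependency lists are trimmed to the
// edges that matter; the js-beautify -> glob@7 edge follows the report above.
const sampleLock = {
  packages: {
    "": { name: "sample-app", dependencies: { glob: "^10.0.0", "js-beautify": "1.6.14" } },
    "node_modules/glob": { version: "10.3.10", dependencies: {} },
    "node_modules/js-beautify": { version: "1.6.14", dependencies: { glob: "^7.0.0" } },
    "node_modules/js-beautify/node_modules/glob": { version: "7.2.3", dependencies: { inflight: "^1.0.4" } },
    "node_modules/inflight": { version: "1.0.6", dependencies: {} },
  },
};

// Resolve a dependency the way Node does: nearest node_modules first, then walk up.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed anywhere on the lookup path
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every dependency chain from the root package that ends at `target`.
function findChains(lock, target) {
  const packages = lock.packages;
  const chains = [];
  const walk = (path, chain, onStack) => {
    const deps = { ...packages[path].dependencies, ...packages[path].optionalDependencies };
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (!resolved || onStack.has(resolved)) continue; // missing or cyclic edge
      const next = [...chain, `${name}@${packages[resolved].version}`];
      if (name === target) { chains.push(next.join(" > ")); continue; }
      onStack.add(resolved);
      walk(resolved, next, onStack);
      onStack.delete(resolved);
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

// The hoisted glob@10 is clean; the copy nested under js-beautify is the one flagged.
console.log(findChains(sampleLock, "inflight"));
```

Run against a real `package-lock.json` (parsed with `JSON.parse`), the same walk lists every parent that has to be bumped or removed before the finding clears.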

iRyusa commented 7 months ago

I'll update it next week

boxexchanger commented 5 months ago

+1

boxexchanger commented 4 months ago

@iRyusa Hi, any updates about it?

iRyusa commented 1 day ago

Wanted to push a new version for this, but this should be fixed in the 5.x branch for now as js-beautify is entirely removed from the project.