mswjs / msw

Industry standard API mocking for JavaScript.
https://mswjs.io
MIT License

MSW Depends on vulnerable versions of cookie - @bundled-es-modules/cookie on msw@2.5.1 #2330

Closed nemonemi closed 3 weeks ago

nemonemi commented 3 weeks ago

Prerequisites

Environment check

Browsers

No response

Reproduction repository

No need for repo in this case

Reproduction steps

Please update the vulnerable version of @bundled-es-modules/cookie.

Current behavior

npm audit report

cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via npm audit fix --force
Will install msw@1.3.5, which is a breaking change
node_modules/@bundled-es-modules/cookie/node_modules/cookie
  @bundled-es-modules/cookie >=2.0.0
  Depends on vulnerable versions of cookie
  node_modules/@bundled-es-modules/cookie
    msw >=2.0.0
    Depends on vulnerable versions of @bundled-es-modules/cookie
    node_modules/msw

Expected behavior

This version of cookie should not be used.
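One way to confirm which installed copies of cookie fall inside the advisory's `<0.7.0` range, and which package pulls each one in, is to scan the lockfile's install paths. This is an added example, not code from the issue or from msw; the lockfile contents are a constructed sample and the function names are hypothetical.

```javascript
// Constructed sample in the package-lock.json v2/v3 layout ("packages" keyed by
// install path). Versions are illustrative, except msw 2.5.1 from the issue title.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/msw": { version: "2.5.1" },
    "node_modules/@bundled-es-modules/cookie": { version: "2.0.0" },
    "node_modules/@bundled-es-modules/cookie/node_modules/cookie": { version: "0.5.0" },
    "node_modules/cookie": { version: "0.7.0" }, // hoisted copy, already at the fixed version
  },
};

// Parse "major.minor.patch" into numbers; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || "");
  return m ? m.slice(1).map(Number) : null;
}

// True when version a is strictly lower than version b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// The package name is whatever follows the last "node_modules/" in the path,
// so the wrapper "@bundled-es-modules/cookie" is not mistaken for "cookie".
function nameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? null : p.slice(i + "node_modules/".length);
}

// Packages the copy is nested under, outermost first (empty when hoisted).
function parentsOf(p) {
  return p.split("node_modules/").slice(1, -1).map((s) => s.replace(/\/$/, ""));
}

// Report every installed copy of `name` below `fixedIn`. Copies whose version
// cannot be parsed are reported too, so they get a manual look.
function findVulnerableCopies(lock, name, fixedIn) {
  const fixed = parseVersion(fixedIn);
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (nameFromPath(path) !== name) continue;
    const v = parseVersion(meta.version);
    if (v === null || isBelow(v, fixed)) {
      hits.push({ path, version: meta.version, requiredBy: parentsOf(path) });
    }
  }
  return hits;
}

console.log(findVulnerableCopies(sampleLock, "cookie", "0.7.0"));
```

To check a real project, pass the parsed contents of its `package-lock.json` instead of `sampleLock`.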

tony-cocco commented 3 weeks ago

Possible dupe of https://github.com/mswjs/msw/issues/2308

kettanaito commented 3 weeks ago

Hi. Thanks for opening this. Duplicate of #2308, already merged the fix in @bundled-es-modules/cookie, it just needs to be released by the maintainers. A PR with the release automation was also suggested to make this faster next time. Be patient.