Update version of css-select as it contains vulnerable dependency

taoqf / node-html-parser

A very fast HTML parser, generating a simplified DOM, with basic element query support.

MIT License

1.11k stars 107 forks source link

Closed ocofaigh closed 2 years ago

ocofaigh commented 2 years ago

nth-check 2.0.0 has a vulnerability in it (CVE-2021-3803)
nth-check 2.0.0 is a dependency of css-select 4.1.3 which is a dependency of node-html-parser: https://github.com/taoqf/node-html-parser/blob/1465d5d42bd14ea8b43f593d8d2e3ee22b9d6952/package.json#L51

Solution: Update to latest version of css-select in package.json. Right now that is 4.2.1 (This uses nth-check 2.0.1 which is not vulnerable)

ocofaigh commented 2 years ago

nonara commented 2 years ago

Thanks! Merged.