[Bug]: Dependency on expr-eval creates vulnerability

tokens-studio / sd-transforms

Custom transforms for Style-Dictionary, to work with Design Tokens that are exported from Tokens Studio

MIT License

194 stars 28 forks source link

[Bug]: Dependency on expr-eval creates vulnerability #241

Closed skapplersic closed 9 months ago

skapplersic commented 9 months ago

What happened?

Any version of this package above @0.5.3 has a dependency on a version of expr-eval that is flagged as a high severity vulnerability by Sonatype IQ Server. The issue was also addressed in the expr-eval repo. That package is no longer in active development, so it's unlikely that it will be fixed there.

Reproduction

No response

Expected output

No response

Version

0.12.2

skapplersic commented 9 months ago

Thanks for the quick response! 💯