Closed WendtWithers closed 2 years ago
By the way, the image says 3.9.6, but the same old dependency versions are still in version 3.10.2
Try latest 3.13.2 please
Better, but now I get another "moderate severity" complaint about postcss: Upgrade postcss to version 8.2.13 or later. Here's the CVE description (https://github.com/advisories/GHSA-566m-qj78-rww5):
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
Jodit Version: 3.10.2
Browser: Any
OS: Any
Is React App: False
Code
Expected behavior: No dependabot issues
Actual behavior:
Remediation Suggested:
Upgrade nanoid to version 3.1.31 or later
Upgrade log4js to version 6.4.0 or later
Upgrade follow-redirects to version 1.14.7 or later
Upgrade node-forge to version 1.0.0 or later
Upgrade trim to version 0.0.3 or later