CVE-2022-38900: I created a PR for source-map-resolve to fix this security issue and the maintainer refused to apply it:
But – anyway. I find it boring to use my free time to do things with this deprecated package that I don’t like. It might be easy to fix this thing, but in a couple of months there will be some other vulnerability in some other dependency and the cycle repeats. Or someone finds a vulnerability in source-map-resolve itself. Not fun.
So I have a replacement module that resolves the problem: https://github.com/jesii/source-map-resolve. It updates decode-uri-component, which is where the security issue is, using v0.2.2 instead of the vulnerable v0.2.0.
@jonschlinkert could you consider implementing this, or even replacing/removing source-map-resolve?
https://github.com/lydell/source-map-resolve is deprecated now and contains a vulnerable decode-uri-component dependency: GHSA-w573-4hg7-7wgq
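To check whether a project still resolves to the decode-uri-component version named in this issue, the following added example (not part of the issue or of either project's code) walks a parsed package-lock.json and reports each installed copy older than v0.2.2, along with the packages that resolve to it. It assumes the `packages` layout of npm lockfile versions 2 and 3; the sample lockfile, `example-lib` and all helper names are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json ("packages" map, lockfileVersion 2/3).
const TARGET = "decode-uri-component";
const MIN_OK = "0.2.2"; // version the replacement module uses; older copies are flagged (assumption)

// Compare plain x.y.z versions (pre-release tags ignored); returns <0, 0 or >0.
function cmpVersion(a, b) {
  const [pa, pb] = [a, b].map(v => v.split("-")[0].split(".").map(Number));
  for (let i = 0; i < 3; i++) if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  return 0;
}

// Last package name in an install path: "node_modules/a/node_modules/b" -> "b".
const pkgName = (path) => path.split("node_modules/").pop();

// Node-style resolution: nearest node_modules/<name>, walking up from fromPath.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    base = base.slice(0, Math.max(base.lastIndexOf("/node_modules/"), 0));
  }
}

// Return every installed copy older than MIN_OK and the packages that resolve to it.
function auditLock(lock) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (pkgName(path) !== TARGET || !entry.version) continue;
    if (cmpVersion(entry.version, MIN_OK) >= 0) continue;
    const requiredBy = Object.entries(packages)
      .filter(([p, e]) => e.dependencies?.[TARGET] && resolveDep(packages, p, TARGET) === path)
      .map(([p]) => pkgName(p) || "(root project)");
    findings.push({ path, version: entry.version, requiredBy });
  }
  return findings;
}

// Constructed sample lockfile (not from the page): one hoisted old copy, one nested newer copy.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "demo-app", dependencies: { "source-map-resolve": "*", "example-lib": "*" } },
    "node_modules/source-map-resolve": { version: "0.0.0", dependencies: { [TARGET]: "^0.2.0" } },
    "node_modules/decode-uri-component": { version: "0.2.0" },
    "node_modules/example-lib": { version: "0.0.0", dependencies: { [TARGET]: "^0.2.0" } },
    "node_modules/example-lib/node_modules/decode-uri-component": { version: "0.2.2" },
  },
};
console.log(JSON.stringify(auditLock(SAMPLE_LOCK), null, 2));
```

The `requiredBy` list shows which dependency has to be replaced or overridden to get rid of the old copy; a nested copy at v0.2.2 under another package does not help a package that resolves to the hoisted v0.2.0.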