[Pkg-javascript-devel] Embedded modules more than once
Nicolas Mora
nicolas at babelouest.org
Thu Sep 3 14:49:32 BST 2020
Hello,
Concerning embedded modules, this raises me another question.
Le 20-09-03 à 08 h 54, Xavier a écrit :
> serialize-javascript:
> - node-compression-webpack-plugin (1.9.1)
> - node-copy-webpack-plugin (1.4.0)
> - node-uglifyjs-webpack-plugin (1.7.0)
A CVE was recently published for serialize-javascript [1], to fix the
issue, it must be upgraded to 3.1.0.
Can it be possible to broadcast this kind of issue to all packages
embedding vulnerable modules?
/Nicolas
[1] - https://github.com/advisories/GHSA-hxcc-f52p-wc94
More information about the Pkg-javascript-devel
mailing list