Security Issue Fix #264

Xaala · 2024-11-08T15:48:18Z

Adding override to correct security vulnerability in cross-spawn package included as decendant of express-hbs

Xaala · 2024-11-08T15:49:21Z

package.json

@@ -45,5 +45,10 @@
  },
  "optionalDependencies": {
    "js-beautify": "^1.13.11"
+  }, 
+  "overrides": {


This forces a package bump of cross-spawn from vulnerable version 7.0.3 to patched version 7.0.5, when/if js-beautify gets an actual patch, this can be removed whenjs-beautify is updated in this repo.

Corrected package name, had this repo's name as that's how I fixed it in a different project.

Xaala · 2024-11-08T15:52:16Z

This PR fixes issue #263

Xaala · 2024-11-15T13:47:02Z

@ErisDS No idea who to tag on this one to get some traction but it should be an easy PR.

Also see: beautifier/js-beautify#2328

Security Issue Fix

99f13d8

Adding override to correct security vulnerability in cross-spawn package included as decendant of express-hbs

Xaala commented Nov 8, 2024

View reviewed changes

Update package.json

b846549

Corrected package name, had this repo's name as that's how I fixed it in a different project.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Issue Fix #264

Security Issue Fix #264

Xaala commented Nov 8, 2024

Xaala Nov 8, 2024 •

edited

Loading

Xaala commented Nov 8, 2024

Xaala commented Nov 15, 2024

Security Issue Fix #264

Are you sure you want to change the base?

Security Issue Fix #264

Conversation

Xaala commented Nov 8, 2024

Xaala Nov 8, 2024 • edited Loading

Choose a reason for hiding this comment

Xaala commented Nov 8, 2024

Xaala commented Nov 15, 2024

Xaala Nov 8, 2024 •

edited

Loading