
Security Issue Fix #264

Open
Xaala wants to merge 2 commits into TryGhost:main from Xaala:patch-1
Xaala commented Nov 8, 2024

Adding override to correct security vulnerability in cross-spawn package included as descendant of express-hbs

Adding override to correct security vulnerability in cross-spawn package included as descendant of express-hbs
"optionalDependencies": {
"js-beautify": "^1.13.11"
},
"overrides": {
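
Review bot: the `"overrides"` block opened on the last line of this hunk only takes effect when this package.json is the root of the install; npm ignores `overrides` declared in installed dependencies, so projects that pull this package in as a dependency still resolve whatever cross-spawn version their own tree allows. It is also an npm-only field (npm 8.3 and later), so a Yarn install would need the equivalent `resolutions` entry. Consider stating in the PR description that the fix covers installs of this repo itself, and that consumers need their own override until js-beautify is updated upstream.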

Xaala commented Nov 8, 2024

This forces a package bump of cross-spawn from vulnerable version 7.0.3 to patched version 7.0.5. When/if js-beautify gets an actual patch, this can be removed when js-beautify is updated in this repo.

Corrected package name, had this repo's name as that's how I fixed it in a different project.

Xaala commented Nov 8, 2024

This PR fixes issue #263

Xaala commented Nov 15, 2024

@ErisDS No idea who to tag on this one to get some traction but it should be an easy PR.

Also see: beautifier/js-beautify#2328
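
A way to confirm that the override discussed in this thread actually took effect after `npm install`, as an added example that is not part of the pull request or the project's code. The function names, the sample lockfile entries and the `example-parent` path are constructed for illustration, and treating every cross-spawn copy below 7.0.5 as stale is an assumption (the thread names only 7.0.3 and 7.0.5).

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3,
// which carry a flat "packages" map) for copies of a package below a floor.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v)); // prerelease tags ignored
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(version, floor) {
  const a = parseVersion(version), b = parseVersion(floor);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return [{ path, version }] for every installed copy of `name` below `floor`.
function findStaleCopies(lock, name, floor) {
  if (!lock || !lock.packages || typeof lock.packages !== 'object') {
    throw new Error('expected lockfileVersion 2 or 3 with a "packages" map');
  }
  const suffix = `node_modules/${name}`;
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    // Keys look like "node_modules/a/node_modules/cross-spawn"; match on the
    // last segment so nested copies are caught too.
    if (path !== suffix && !path.endsWith(`/${suffix}`)) continue;
    if (entry.link) continue; // workspace symlink, no resolved version
    if (isBelow(entry.version, floor)) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample data: a lockfile before and after the override applies.
const lockBefore = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-root' },
    'node_modules/cross-spawn': { version: '7.0.3' },
    'node_modules/example-parent/node_modules/cross-spawn': { version: '7.0.5' },
  },
};
const lockAfter = JSON.parse(JSON.stringify(lockBefore));
lockAfter.packages['node_modules/cross-spawn'].version = '7.0.5';

console.log(findStaleCopies(lockBefore, 'cross-spawn', '7.0.5'));
console.log(findStaleCopies(lockAfter, 'cross-spawn', '7.0.5'));
```

Against a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` as the first argument; an empty array means no copy below the floor remains in the tree.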
