npm audit returns the following
# npm audit report
esbuild <=0.24.2
Severity: moderate
esbuild enables any website to send any requests to the development server and read the response - https://github.com/advisories/GHSA-67mh-4wv8-2f99
fix available via `npm audit fix --force`
Will install esbuild@0.25.0, which is a breaking change
node_modules/esbuild
node_modules/vite/node_modules/esbuild
monaco-editor-wrapper 4.0.0-next.0 - 4.2.1
Depends on vulnerable versions of esbuild
node_modules/monaco-editor-wrapper
vite 0.11.0 - 6.1.1
Depends on vulnerable versions of esbuild
node_modules/vite
vite-node <=2.2.0-beta.2
Depends on vulnerable versions of vite
node_modules/vite-node
vitest 0.0.1 - 0.0.12 || 0.0.29 - 0.0.122 || 0.3.3 - 2.2.0-beta.2
Depends on vulnerable versions of vite
Depends on vulnerable versions of vite-node
node_modules/vitest
5 vulnerabilities (4 moderate, 1 critical)
To address all issues (including breaking changes), run:
npm audit fix --force
The problem is that, updating monaco-editor-wrapper breaks a lot of the code for the Web-based editor (setupClassic.ts, setupExtended.tx etc.)
I have a brute-force fix that basically removes almost all configuration code, but it would basically make the Web editor useless...
npm auditreturns the followingThe problem is that, updating
monaco-editor-wrapperbreaks a lot of the code for the Web-based editor (setupClassic.ts,setupExtended.txetc.)I have a brute-force fix that basically removes almost all configuration code, but it would basically make the Web editor useless...